Op Tue, 20 Dec 2016 12:51:19 +0100 schreef Clint Pachl
<pa...@ecentryx.com>:
Devin Reade wrote on 12/19/16 12:59:
With respect to dealing with SPF, the simple solution (permitting an
IP if it is on the sending domain's SPF list) doesn't work too well
in the general case since it appears many spammers publish SPF records.
You're right. When I ran ruby-spf against the the TRAPPED IPs in my
spamdb, a surprising number passed SPF (like 15%). On the other hand,
one of the popular email domains from our customer DB is @att.net, which
doesn't even publish SPF. After some real life testing against our
client email DB, I determined SPF was not effective in filtering spam
for us. If it is used, it should be a small factor at best.
SPF was never meant for making accept/reject decisions on arbitrary
domains. If you don't trust the sending domain, then SPF evaluation is
pointless.
--
Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/
