On Thu, Dec 3, 2009 at 1:25 AM, Chris Owen <ow...@hubris.net> wrote:
> On Dec 2, 2009, at 9:52 PM, valdis.kletni...@vt.edu wrote:
>
>> It only stops forgery if the SPF record has a -all in it (as hubris.net
>> does).
>> However, a lot of domains (mine included) have a ~all instead.
>
> I guess I've never really seen the point of publishing a SPF record if it
> ends in ~all. What are people supposed to do with that info?
>
> Spamassassin assigns it a score of 0.6 but that is low enough it
> really doesn't have much since it doesn't assign any negative
> points for SPF_PASS.

Chris,

In addition to pushing the spam assassin score a little more towards
tagging it as a spam, I use SPF to suppress backscatter from my
confirmation system.

When I receive a message whose spam probability is ambiguous
(spamassassin score between 3 and 8), I generate a confirmation
request to the sender. This allows the sender to put the message in
front of me anyway if it turns out to have been a false positive, as
it occasionally does.

If you publish SPF records (even with ~all) and the source doesn't
match, I won't generate that request. You've given me sufficient
forward knowledge to detect the forgery so that I can silently drop
the spam and still comply with RFC 2821's "must."

Regards,
Bill Herrin

--
William D. Herrin ................ her...@dirtside.com b...@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
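
The policy described in the message above, sketched as an added example that is not part of the original e-mail and not Bill Herrin's actual system. The function names, the sample domains and records, the handling of scores outside the 3 to 8 range, and the reduced SPF evaluator (ip4, ip6 and all mechanisms only, no DNS) are assumptions made for illustration.

```python
import ipaddress

# Constructed SPF records using documentation address ranges, not real DNS data.
SAMPLE_RECORDS = {
    "hardfail.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "softfail.example": "v=spf1 ip4:198.51.100.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(record, client_ip):
    """Evaluate a simplified SPF record (ip4, ip6 and all mechanisms only)."""
    if record is None:
        return "none"  # domain publishes no SPF record
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            # include, a, mx, redirect etc. need DNS and are left out here
            raise ValueError(f"mechanism not handled in this example: {term}")
        if ip in ipaddress.ip_network(value, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


def disposition(score, sender_domain, client_ip, records=SAMPLE_RECORDS):
    """Decide what to do with a message, following the policy in the e-mail."""
    if score < 3:
        return "deliver"  # assumption: the message does not cover this range
    if score > 8:
        return "treat-as-spam"  # assumption: likewise not covered
    # Ambiguous score (3 to 8): a confirmation request is the default, but
    # an SPF mismatch, hard (-all) or soft (~all), marks the sender as forged.
    result = spf_result(records.get(sender_domain), client_ip)
    if result in ("fail", "softfail"):
        return "drop-silently"  # no backscatter to the forged address
    return "send-confirmation-request"
```

A domain with no SPF record gives the receiver nothing to check, so an ambiguous message claiming to be from it still triggers a confirmation request to a possibly forged address.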