On Fri, 05 Oct 2012 17:17:49 +0200
lst_ho...@kwsoft.de wrote:

> 
> Quoting Reindl Harald <h.rei...@thelounge.net>:
> 
> > On 05.10.2012 16:04, lst_ho...@kwsoft.de wrote:
> >>
> >> Quoting Titanus Eramius <tita...@aptget.dk>:
> >>
> >>> Slightly off topic. I hope it's OK when the mail is marked as
> >>> such.
> >>>
> >>> I was just wondering if the users of this list use SPF in any
> >>> way, and if so, to what extent?
> >>
> >> We have considered SPF some five years ago but after second
> >> thought ditched it completely:
> >>
> >> - It does not really help against spam because the spam-farms also
> >> can set proper SPF
> >
> > this point is simply wrong
> >
> > a spam-farm CAN NOT set a SPF that whatever ip is allowed
> > to send mails with my envelope - simply because they are not
> > the dns-admin of my zones
> >
> >
> > SPF is NOT a spam-protection
> >
> > it is designed to prevent forged sender-addresses which in
> > the worst case results in multiple auto-replies between
> > completely uninvolved persons which may over-react and
> > start blacklisting servers which are not the root-cause
> >
> > the real problem is that not EVERY domain has SPF records
> > and that is why it does not help as much as it could, you
> > are part of this problem because ANYBODY can send me spam
> > with your sender-address and only blacklists and bayesian
> > filters prevent my server from sending you auto-replies for
> > such messages if i am on vacation
> 
> This is your opinion. Mine is i don't care what sender-addresses
> spam has but i care about preventing spam from reaching end users.
> The most spam we see are from well connected spam-farms with their
> own throw-away domains and proper SPF/DKIM set. So no, SPF/DKIM is
> not useful for us in any way but certainly you are free to use it the
> way you like and as long as you like.
> 
> Regards
> 
> Andreas
> 
As a newcomer to both this list and Postfix in general, I didn't
realize this subject could be "touchy", and I don't hope my question
has been seen as an attempt to stir the dam.

I'm asking out of a real world example from the other day, where I was
emailed by the support of a company, I had phoned and asked for some
details of a product earlier on. Since the email contained some
sensitive information I wanted to make sure, at the very least, that
the mail actually came from one of their servers, and in the past I
have checked the SPF-header of the mail.

And before you say it, I know SPF in itself is not enough to
verify an email, but it should be (IMHO) enough to ensure the email is
not spam or something similar.

All your replies have raised a couple of questions I was hoping could
be answered as well.

* As far as I understand, it should then be safe to drop mails with an
  SPF that does not match? I know this is not an antispam policy, for
  that I use rules in "smtpd_recipient_restrictions".

* Is there any advantage in using "v=spf1 ip4:1.2.3.4 -all" compared
  to "v=spf1 mx -all" or the other way around?
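
The two records from the last question, evaluated side by side. This is an added example, not part of the original message: a minimal Python evaluator that covers only the ip4, mx and all mechanisms. The function name check_spf, the domain example.com, the host mail.example.com and the DNS tables are constructed assumptions.

```python
import ipaddress

# Constructed DNS data for the placeholder domain example.com (not from the thread).
MX = {"example.com": ["mail.example.com"]}
A = {"mail.example.com": ["1.2.3.4"]}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, domain, client_ip, mx=MX, a=A):
    """Evaluate an SPF record limited to the ip4, mx and all mechanisms.

    Returns (result, dns_queries), where dns_queries counts the lookups
    the receiver had to issue while evaluating the record.
    """
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none", 0
    ip = ipaddress.ip_address(client_ip)
    queries = 0
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            # Literal address or network: nothing to resolve.
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term == "mx":
            # One MX query, then one address query per MX host.
            hosts = mx.get(domain, [])
            queries += 1 + len(hosts)
            matched = any(ip == ipaddress.ip_address(addr)
                          for host in hosts for addr in a.get(host, []))
        else:
            raise ValueError("unsupported mechanism: " + term)
        if matched:
            return RESULTS[qualifier], queries
    return "neutral", queries  # no mechanism matched


if __name__ == "__main__":
    for rec in ("v=spf1 ip4:1.2.3.4 -all", "v=spf1 mx -all"):
        for sender in ("1.2.3.4", "192.0.2.10"):
            print(rec, sender, check_spf(rec, "example.com", sender))
```

With the MX host at 1.2.3.4 both records give the same verdict; the mx form costs the receiver DNS queries but follows the MX records if the mail host is renumbered, while the ip4 form must be edited by hand.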
