On Jun 5, 2007, at 12:32 PM, m. allan noah wrote:
Meng- strange that you in particular should respond- as i have noticed that most of these domains have an spf record of +all, which is considered a 'pass' by Mail::SPF::Query. I dont recall seeing +all in the spec? i might be able to block them with that...
Yeah, i'm not surprised bad domains do a +all. That was predicted. The weird thing is when good domains do a +all, but you might not see that very often.
One of the design goals of SPF was to encourage spammers to send mail using their own domains, not somebody else's. So a +all on a bad domain is icing on the cake. The challenge in baking the cake is knowing good domains from bad. And that's where reputation systems come in.
That said, don't use +all as an absolute indicator. There may be good domains that do a +all too. I would suggest a rule like:
if known good domain, and passes SPF, accept if known bad domain, reject if unknown domain, and has +all, it's questionable otherwise, etc.
