Hillbun pisze:
In fact, most of spammers domain does not designate permitted sender
hosts, so you should raise spfbehavior to 6, haha!
IMVHO, people should stop both: using SPF and publishing SPF records.
Not only it does not stop spammers because:
- they can buy their own domains,
- or just find others without SPF.
- and if they would be trying to send email from a domain with an SPF
record through the designated SMTPs, they would
use existing users and passwords with SMTP AUTH (over 70% of spam is
sent with valid SMTP AUTH - trojans, key loggers,
other sniffers)
but it also poses problem when you just publish your own SPF record and
try to send email to an account that
has an automatic forward, say you used qmailadmin to set it up. That
email might be sent to idiots using SPF to check domains
and they would find out that without SRS your mail would be rejected.
And SRS is not a perfect solution either.
So if you want better spam control and less SPF problems, just drop SPF
and tune your spamassassin better.
My 0.03$
Best regards,
Maciej
