A thought: now that spammers are using SPF to "legitimize" their email, could *we* use it as a means to shut them down sooner?
I.E.: get an email that passes SPF, and scores high. Look at the relevant SPF record and blacklist/high-score all of the hosts it states are valid sources for that sender domain.
Bad, *bad* idea. You're inviting DOSes. Given that the spammer has control of his own SPF record, he can list anything he wants there -- say, 3 of his own servers followed by *Yahoo's* mail servers. Bang, he's tricked you into blacklisting Yahoo.
-- Kelson Vibber SpeedGate Communications <www.speed.net>
