I'd love to implement SPF checks in SA rather than having to run two milters on our sendmail, but there's a fundamental flaw in the whitelisting for SPF.
It looks like the whitelist applies to internet domains or email addresses. Whitelisting those automatically defeats the purpose of SPF. If you whitelist (bad example, but...) [EMAIL PROTECTED], you play into the spoofer's hand by allowing any mail from that domain to pass. The "correct" whitelisting method would be to whitelist trusted IP addresses.
Anyone know if IP addresses would also work?
Thanks!
