Oh, get off your high horse for a minute and stop trolling. This is a straw man argument, and I'm having none of it.
SPF and forwarding don't go together, fine, I accept that. That does not make it useless, however - far from it. Don't reject at the MTA level based on things like SPF. Instead, use spamassassin appropriately and use the SPF info to add or subtract a little from the spamassassin score. In my experience of over 1,000,000 emails going through our spamassassin box since I turned on SPF support, it has broken nothing. A few emails have gotten seemingly erroneous SPF scores in spamassassin, but that has in no case been enough to misclassify any of them. But, I have to add, our Bayes database is very well trained. SPF has, on the other hand, helped push many spams over our spamassassin "spam" threshold. Cheers, Phil -----Original Message----- From: Marc Perkel [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 25, 2006 5:51 PM To: Gino Cerullo Cc: Spamassassin Users List Subject: Re: SPF breaks email forwarding I don't have an SPF record because I refuse to support a broken technology. SPF breaks email forwarding. My users use forwarding. SMTP is broken - but I can't change that. I have to be compatible with the rest of the world. Gino Cerullo wrote: > Whether it's SPF, DKIM, a combination of both or something completely > new, the laissez-faire attitude of the past toward SMTP just doesn't > cut it anymore. Criminals (and yes, I consider anyone who forges an > identity to hide who they are a criminal no matter their intent) have > taken advantage of the loose way in which SMTP was and still is > implemented and they are causing considerable damage. If a few 'eggs' > have to be broken on the way to securing our email systems than so-be-it. > > I agree with Michael Scheidell, "SMTP is broken. has been, phishing, > forgeries, email viruses prove it." > > To make a statement like "SPF breaks email forwarding" and not offer > an alternative merely makes you come off as a troll with an agenda. > Now, I know from your contributions here that you are neither a troll > or have an ulterior motive with such a statement but at the same time > I can't even trust that the original email came from Marc Perkel > <[EMAIL PROTECTED]>. > > As it stands, I can't trust the integrity of your domain 'perkel.com' > since it does not have an SPF record. Anyone can claim to be you, even > a troll. Now, you might say that s/mime could be the answer to that > and you'd be correct but s/mime is expensive. Expensive in computer > resources because it means that my server still has to receive every > email, process it through virus and spam filters and then pass it on > to me where what remains still has to be evaluated by me or my MUA. > > The idea behind SPF and its contemporaries is that obvious forgeries > are handled by the MTA before entering the system for further > evaluation, taking a huge load off the infrastructure we've been > forced to put in place to deal with a system that is clearly, at > present, broken. > > Personally, I think SPF, DKIM and any other workable proposal goes > beyond just protecting me from spam, phishing and email viruses. It > protects the integrity of my domains and further, the IP addresses in > my control since I insist that all the domains I host on my server all > have SPF records. People can trust that an email message claiming to > come from one of my domains or from one of my IP addresses does in > fact originate there. > > Thanks > -- > Gino Cerullo > > Pixel Point Studios > 21 Chesham Drive > Toronto, ON M3M 1W6 > > T: 416-247-7740 > F: 416-247-7503 > > >
