Marc Perkel wrote:
I'm not the one who started this discussion. I did change the subject line when the pro SPF lobby entered my other thread and moved it off the topic I was talking about.
Right, I forgot. Your original topic was about securing consumer networks, something that is way off topic for this list. Worse, there's few people on the list that can directly do anything about securing consumer networks. There are far better places to have such a discussion, so you're only wasting your own and others time by discussing it here.
Regardless, your continual assertions that SPF has no utility and "is dangerous" is what has continued this thread.
So - if you use it for whitelisting - how do you distinguish a good sender using SPF and a spammer using SPF? Wouldn't you be whitelisting spam?
A good sender is someone or an organization I know I want to receive mail from. I don't whitelist random organizations, spammers, or just anybody with an SPF record. You're failing to see the connection between authorization and reputation assessment.
In short, I only whitelist domains/addresses I want mail from -- such as [EMAIL PROTECTED], like in my previous mail.
If I'm not being clear, might I suggest reading the SpamAssassin SPF plugin documentation on how exactly I whitelist specific addresses.
Daryl
