Jason Bertoch wrote:
> I think it's safe to say I'm not in the minority when I receive SPF-Compliant spam. I'm looking for opinions on what we can honestly derive from such messages regarding the sending server's IP and the sending address' domain name. Is it wise to blacklist both, or is this yet another case where SPF has failed to meet projections?
It's a case where the spammer has just handed you useful information: You know for sure that the domain name is, indeed, the spammer's domain name, and not an innocent third-party's. Blacklist it without hesitation!
As for the IP, treat it the same way you'd treat the IP in non-SPF-compliant spam. They can authorize any IP they want, whether it's (legitimately) under their control or not.
-- Kelson Vibber SpeedGate Communications <www.speed.net>
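
The rule from the reply above, as an added example that is not part of the original thread: for messages already judged to be spam, the envelope domain is blocklisted only when SPF returned `pass`, while the client IP always goes to ordinary IP reputation handling. The function names and sample messages are constructed, and the code assumes the topmost `Received-SPF` header was written by your own MTA, which strips inbound copies.

```python
import email
import re

# key=value pairs as laid out in a Received-SPF header (RFC 7208, section 9.1)
KV = re.compile(r'([A-Za-z][\w-]*)=("[^"]*"|[^;\s]+)')

def parse_received_spf(value):
    """Return (result, fields) from a Received-SPF header value."""
    value = re.sub(r"\([^)]*\)", " ", value)      # drop the free-text comment
    parts = value.split(None, 1)
    if not parts:
        return None, {}
    rest = parts[1] if len(parts) > 1 else ""
    fields = {k.lower(): v.strip('"') for k, v in KV.findall(rest)}
    return parts[0].lower(), fields

def blocklist_candidates(spam_messages):
    """spam_messages: raw messages already classified as spam.
    Returns (domains_to_blocklist, ips_for_reputation)."""
    domains, ips = set(), set()
    for raw in spam_messages:
        # .get() returns the first (topmost) header; assumed to be our MTA's.
        header = email.message_from_string(raw).get("Received-SPF")
        if header is None:
            continue
        result, fields = parse_received_spf(header)
        # The IP is handled as for any other spam, whatever SPF said.
        if fields.get("client-ip"):
            ips.add(fields["client-ip"])
        # Only a pass shows the domain owner authorized this sender, so only
        # then is the domain known to be the spammer's and not a forged victim's.
        sender = fields.get("envelope-from", "")
        if result == "pass" and "@" in sender:
            domains.add(sender.rsplit("@", 1)[1].lower())
    return domains, ips

# Constructed sample spam (documentation domains and addresses).
SAMPLE_SPAM = [
    'Received-SPF: pass (mx.example.net: 203.0.113.7 is permitted) '
    'client-ip=203.0.113.7; envelope-from="promo@spammer.example";\n'
    'Subject: offer\n\nbody\n',
    'Received-SPF: fail (mx.example.net: 198.51.100.9 is not permitted) '
    'client-ip=198.51.100.9; envelope-from="alerts@bank.example";\n'
    'Subject: verify\n\nbody\n',
    'Received-SPF: softfail (mx.example.net: transitioning) '
    'client-ip=203.0.113.7; envelope-from="news@shop.example";\n'
    'Subject: sale\n\nbody\n',
]

if __name__ == "__main__":
    print(blocklist_candidates(SAMPLE_SPAM))
```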