Marc Perkel wrote:
SPF is useless.
Oh, of course. No matter how many times people point out uses they've
found for it, no matter whether those uses are actually impacted by
email forwarding or not, you're right, obviously we're all living in a
fantasy world because the only *possible* thing one could do with an SPF
result is to reject all failures and blindly whitelist all passes.
No one could *possibly* do something like, say...
Take known spam that passes SPF and use it to generate a domain
blacklist, or...
Take a friendly domain and whitelist only mail *from that domain* that
passes SPF, like SpamAssassin's whitelist_from_spf function does...
etc.
(Notice how neither of those break with email forwarding? A forwarded
message just goes through normal channels instead of getting special
treatment.)
But no, there's absolutely *no way* anyone could do things like that.
*sigh*
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
