_____
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Sent: Monday, August 27, 2007 3:49 PM
To: users@spamassassin.apache.org
Subject: Re: SPF-Compliant Spam
Kai Schaetzl wrote:
Justin Mason wrote on Mon, 27 Aug 2007 14:35:39 +0100:
On the contrary, we in SpamAssassin find it useful.
I have to agree with Marc in this special case. It's not very useful. The
reason I think this is that the amount of domains that use SPF is scarce,
*really* scarce. I kept an eye on this for some weeks with the help of
milter-spf and less than 5% of all mail had SPF. It may be helpful for
some people, for instance to avoid greylisting or so, but as it is not
much in use I don't find it very useful.
Kai
I agree. And SPF breaks email forwarding and spammers can set SPF records as
well. SPF is useless.
[Rick Cooper]
Not true, proper implementation does not break forwarding. And for spammers
using bots they pretty much have to use a rule that allows the whole world
to send for them (like +all) . We deny mail from anyone who uses things like
+all, \d+\.0\.0\.0\/2, etc. If they publish valid, accurate SPF records then
they have taken responsibility for their spam and helps with complaints.
Last of all, if everyone used SPF it would certainly render most joe-jobs
useless. It really pisses me off if I get a bunch of back-scatter from a
joe-job when our SPF records list all hosts allowed to send in our name, and
hard fail all others. While I don't get huge numbers of SPF fail I get
enough that I find it very worth while. I also fail a fair number of +all
type records and when you look at the hosts you see a lot of dsl/cable hosts
which would lead one to believe they are certainly bots.
SPF would do a better job if it were used by more systems, especially in the
area of forged addresses.
Rick
--
This message has been scanned for viruses and
dangerous content by <http://www.mailscanner.info/> MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
