On 2/23/2010 12:38 PM, Jeff Koch wrote:
In an effort to reduce spam further we tried implementing SPF
enforcement. Within three days we turned it off. What we found was that:
<snip>
Our assessment is that SPF is a good idea but pretty much unworkable for
an ISP/host without a major education program which we neither have the
time or money to do. Since we like our customers and they pay the bills
it is now a dead issue.
Any other experiences? I love to hear.
SPF works great as a selective whitelist in SpamAssassin. (And I don't
mean whitelisting all SPF passes. That would be stupid. I mean
whitelisting mail coming from domain X, but only when it passes SPF and
demonstrates that yes, it really came from domain X.)
I'd say that what you found is *not* that SPF itself is a disaster, but
that enforcing SPF by rejecting failures is a disaster.
It's a data point. It all depends on how you use it.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
