Le mardi 16 novembre 2010 à 07:48 -0800, Marc Perkel a écrit : > > On 11/15/2010 10:25 AM, David F. Skoll wrote: > > On Mon, 15 Nov 2010 08:07:43 -1000 > > Alexandre Chapellon<alexandre.chapel...@mana.pf> wrote: > > > >> I use it just the same for the domains I have complete controm over. > >> Unfortunately, be aware that this setup maybe forbid your legitimate > >> emails to be forwarded by a foreign host: > > Yes, this is a deficiency in SPF. It would be nice if everyone used > > SRS, but it's impossible to enforce that. (DKIM got this right with > > the "d=xxx" declaration in the DKIM signature header.) > > > > We, like you, don't worry about broken forwarding. Very few > > organizations check SPF, and the number of those organizations who > > have Yahoo, etc. users forwarding to them is even smaller. > > > > Regards, > > > > David. > > > > Except SRS is also a broken technology create to fix a broken technology. > > SPF used to block returns a lot of false positives, it blocks 100% of > forwarded email. >
Some mail services (gmail does) rewrite return-path when forwarding email. This avoid mails being rejected an thus not 100% of forwarded emails is rejected by spf enabled servers ;) > Spammer can and do use SPF so it's not a good white list either. > Indeed SPF should not be used as a whitelisting technic. Using it for scoring seems to be a good deal. > I've found two uses for SPF (Up from 0) > > If SPF is correct and the domain is in my white list then I'll pass it > as white. By correct you mean resul "pass" or all but "fail"? > If the SPF is wrong and there are several other sins like bad RDNS or > bad HELO then I might add some points. Bad SPF also allows me to detect > what servers are forwarding email to me. > > Other than that - it just plain doesn't work. > > -- Follow us on: twitter https://www.twitter.com/manainternet
