On Wed, 2012-07-11 at 21:34 +0200, Josef Karliak wrote: > Good evening, > within a few days we've spams from domains that has "+all" in the > TXT spf record. > All SPF can do is check that the sender has a valid IP for that domain, i.e. that the sender's domain wasn't forged. SPF cannot and should not be used to flag mail as spam if the sender is a legitimate member of the source domain. This is regardless of whether you think the mail as spam or ham.
FWIW I think SPF's main use is in avoiding backscatter, e.g. if a spammer forged your address as sender and his target domain is bouncing rejected mail back to you. It does this well, but I don't think its of any use at all for detecting spam other than possibly adding a few points for an SPF-FAIL. However, as SPF records aren't necessarily correct (they may never have been tested properly or possibly were not updated with MX changes) how are you proposing to improve on what SA currently does? Martin
