On 2015-02-12 11:27, Martin Gregorie wrote:
> On Thu, 2015-02-12 at 15:07 -0400, francis picabia wrote:
>> SPF works as designed.  Forget SPF.
>
> Quite: the only real use for SPF is to prevent you inadvertently
> spraying innocent people with backscatter. If the sender has been forged
> by a spammer and your MTA can't deliver it (usually because the spammer
> used an unrecognised recipient name) then an SPF check will show that
> the sending IP is wrong and your MTA can drop the message in the bit
> bucket rather than sending a reject message to the owner of the forged
> sender address.

Not at all. SPF is very useful for whitelisting by domain, without having to guess at what IPs a sender uses today, might use tomorrow, and without having to trust every single thing coming from that IP space.

SPF based whitelisting trivially allows you to whitelist all mail from @example.com even if they use Google Apps and you don't want to blanket whitelist Google Apps. And it will still work when they transition to another provider and don't think to tell you.

It's not effective as a blacklist, nor a spam filter. Nor should it be; that's not its design goal. SPF does a /great/ job at telling you when a message is directly from a legitimate sender, allowing you to act accordingly.

DKIM is similar, it excels at identifying legitimate messages, using cryptography that survives forwarders rather than using IPs. More complicated to implement, but ultimately, technically, a better solution.

In both cases, it helps you pick out legitimate mail from wanted senders, which can benefit spam filtering by allowing you to be just a little bit more aggressive against unknown senders without raising false positives too much in the process.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
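An added example, not part of this thread, of the domain-based whitelisting Dave describes: a minimal SPF evaluator (ip4/ip6/include/all only) run over constructed TXT records, with a policy that whitelists mail from @example.com only when SPF says it really came from there. All domains, addresses and records below are constructed; swapping the include target in the record is all it takes when the sender changes providers, and the whitelist keeps working.

```python
import ipaddress

# Constructed TXT records standing in for DNS answers (example data, not real records).
DNS_TXT = {
    "example.com": "v=spf1 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8:1::/48 -all",
    "partner.example": "v=spf1 ip4:198.51.100.7 ~all",
}

# Domains whose mail we trust when, and only when, SPF says it came from them.
WHITELIST_DOMAINS = {"example.com"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, client_ip, depth=0):
    """Toy SPF evaluator over the constructed DNS_TXT table.
    Returns pass / fail / softfail / neutral / none / permerror."""
    if depth > 10:                        # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    record = DNS_TXT.get(domain.lower())
    if not record or not record.startswith("v=spf1"):
        return "none"                     # no SPF record published for this domain
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = "+"                        # mechanisms default to the "pass" qualifier
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qual]
        if mech in ("ip4", "ip6"):
            # A bare address is treated as /32 or /128; version mismatch never matches.
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qual]
        elif mech == "include":
            # include matches only when the referenced domain yields "pass".
            if spf_check(arg, client_ip, depth + 1) == "pass":
                return QUALIFIERS[qual]
        else:
            return "permerror"            # mechanism not supported by this toy
    return "neutral"                      # record ended without a matching mechanism


def whitelist_decision(mail_from, client_ip):
    """Whitelist by the envelope sender's domain, not by the IP it arrived from."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    if domain in WHITELIST_DOMAINS and spf_check(domain, client_ip) == "pass":
        return "whitelist"
    return "normal-filtering"             # forged, unknown or non-whitelisted sender
```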
