I am suggesting that the second SPF test could be setup to be performed ONLY IF the FROM header contains an address that is in BlockStrictSPFre That would eliminate all false-positives but still catch the scammers
..................Bob -----Original Message----- From: GrayHat [mailto:[email protected]] Sent: Friday, 11 November 2011 12:32 a.m. To: 'ASSP development mailing list' Subject: Re: [Assp-test] Whitelisting > Quite right, thanks :) > ASSP defies (unavoidably) a whole bunch of RFCs so that part isn't > new. The fact that testing of the FROM header is not specified in the > SPF framework is not in itself a problem. Oh, not a problem, for sure and I know that sometimes one has to... how to say .... "interpret" the RFC to get out of the maze <grin> > I have mitigated the problem to a large extent by.... [...] Well, that's a way, but I'd really like to be able to have an option to let ASSP only run SPF checks on the envelope sender (as it did in a past); nothing else > Setting SPF to score, not block (except for BlockstrictSPFre which is > limited to high risk phishing targets such as banks and govt > departments)....... Hmm... not so good imHo, see, if ASSP gets an SPF with "-all" then it should *block* the message if the SPF test fails, not score it; all in all, if the sending domain owner asked this, I can't see why we shouldn't respect his will :) ! > ------------Thomas, any chance of having ASSP check the FROM header > against BlockstrictSPFRE first, and only performing the second SPF > test when there is a match? Hmm... would you please expand it a bit, not sure I understood it correctly, sorry ! ---------------------------------------------------------------------------- -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
