http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4811
------- Additional Comments From [EMAIL PROTECTED] 2006-03-01 19:59 ------- There are two problems with simply treating SPF_FAIL as an infallible spam indicator (and perhaps rejecting the mail at the MTA without even involving SpamAssassin?): 1. SPF_FAIL means that the mail does not match what the administrator of the domain specified in the DNS record. Does that mean that the mail is spam, or that it is a forgery for some other reason, or that the administrator of the DNS record made a mistake, that the sender misconfigured their mail client, or that there is a rarely used way for the sender to send mail that the DNS administrator didn't take into account? You can block mail based on SPF_FAIL but is that always correct? 2. SPF is not perfect. See "SPF: Ready for Prime Time?" http://infocenter.guardiandigital.com/documentation/spf.html for example, especially item 3.1 there on problems with mail forwarding. whitelist_from_spf seems like a convenient way of whitelisting people that you know have set up SPF records properly when you aren't sure what sending domain mailservers they are going to use, and you expect them to update their SPF recirds to reflect a change in use of outgoing servers faster than you will notice them having changed outgoing servers. Personally, I use whitelist_from_rcvd for everyone on my whitelist, which does mean that I have to do the work of determining what mail servers I expect them to be sending from. But I'm not depending on them setting up SPF records correctly. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
