https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5684
John Hardin <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #11 from John Hardin <[email protected]> 2010-07-05 15:34:55 EDT --- Actual example of abuse in the wild: $ dig txt nationwide.co.uk ;; ANSWER SECTION: nationwide.co.uk. 5648 IN TXT "v=spf1 mx a:mailhost.nationet.com a:mailhost2.nationet.com include:messagelabs.com ~all" $ dig txt messagelabs.com ;; ANSWER SECTION: messagelabs.com. 84771 IN TXT "v=spf1 +all" As long as this is the case SPF cannot be used to filter Nationwide Bank phishing, and a whitelist_auth/whitelist_spf against nationwide.co.uk doesn't do what you want. It would probably be a good idea to generate a lint warning on whitelist_auth or whitelist_spf where +all is present. Do we want to revisit this for 3.3.x/3.4.x? -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
