https://bz.apache.org/SpamAssassin/show_bug.cgi?id=5684
Bill Cole <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #24 from Bill Cole <[email protected]> --- (In reply to Benny Pedersen from comment #23) > +all is valid in spf, spamassassin can still consider +all as softfails if > wanted, domain users that use +all is only telling this domain does not send > mail imho Your humble opinion is incorrect. You are entirely free to hold that opinion, but SPF has a specification and your opinion does not change that specification. > i like to know how this solves dmarc spf strict rules, its not a problem as > long dmarc is not tested in spamassassin yet > > i consider it not solved yet Can you clearly define A Problem? Having read this whole ticket, I fail to see any clear statement of any problem that the proposed patch can solve or that SA should attempt to solve. SA should not be designed to punish mail senders for typos or errors by their service providers. The original hypothesis that "+all" was a useful trick for spammers in the wild was not substantiated at that time and it does not appear to be true now. SA does not substantially advantage mail hitting SPF_PASS by default. Other tools may have done so in the past but years of empirical evidence has shown that to be a low-yield practice, so most have probably abandoned it. If in fact active spammers whose spam is not otherwise trivially identified are deploying +all or its operational equivalents, code to identify that whole class of attempted SPF abuse *might* make sense to add. -- You are receiving this mail because: You are the assignee for the bug.
