On Mon, 2006-04-03 at 11:58 +0100, Ian Eiloart wrote: > But, it is potentially useful for whitelisting. If there are domains that > you trust, then SPF can be used to determine whether the email is coming > from their approved IP addresses.
Yeah, that's a sane enough theory, and I did refer briefly to the fact that it can be used for whitelisting. > If they are, then you may be able to > accept the email without spam filtering. For example, I'd be happy to > accept mail without spam filtering from educational domains (*.ac.uk, > *.edu) when I'm sure that the email is coming from an institutional server. Yeah, that makes a lot of sense. I also accept mail from _servers_ which I know are competently run, and they get excepted from certain heavyweight checks on what they send me. But there are at least three flaws which would prevent me from using _SPF_ for such a task: 1. SPF doesn't cover the case of mail which just happens to be _forwarded_ through another trusted server, rather than originating there. Host-based checks do cover that. 2. SPF doesn't necessarily include _only_ the departmental servers in its 'PASS' results -- it could well include the students' subnets too, and I doubt you want to whitelist those. Because SPF is _intended_ for rejection, people have to be permissive in their records. 3. A domain which publishes SPF records isn't really likely to be considered 'competent' in my part of the world anyway :) (and the fourth is just that I wouldn't want to encourage the adoption of SPF, because too many people use it for the _wrong_ purpose -- i.e. the purpose for which it was designed.) But yes, I suppose it can sort of do the job, if you don't think about it _too_ hard. I personally would be _far_ more inclined to use CSV for that purpose, though. > SPF may not be ideal for it's intended purpose, but that doesn't mean that > it has no useful applications. Where your article says "If you use SPF, you > will be causing genuine email to be rejected." instead you should say "If > you use SPF _to_reject_email_, you will be causing genuine email to be > rejected." Fixed; thanks. -- dwmw2 -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
