--On 3 April 2006 13:59:16 +0200 David Saez Padros <[EMAIL PROTECTED]> wrote:
Hi !!
But, it is potentially useful for whitelisting. If there are domains
that you trust, then SPF can be used to determine whether the email is
coming from their approved IP addresses. If they are, then you may be
able to accept the email without spam filtering. For example, I'd be
happy to accept mail without spam filtering from educational domains
(*.ac.uk, *.edu) when I'm sure that the email is coming from an
institutional server.
spf pass is not a guarantee that any mail comming from 'pass' ip's
is not spam, in fact mail comming from that ip's could also be sent
by user applications that can forge other's users domains and email
addresses (like weak cgi applications).
True, but I know what kind of organisation is behind a .ac.uk domain
because the TLD is tightly controlled. I know that they'll take spam
complaints seriously, and I have a business reason for ensuring that we can
exchange email with them.
If I did have problems from a specific domain, I'd remove it from my
whitelist.
Here's the useful thing about SPF:
You can't whitelist a mail domain because anyone can use it. However, if
you could tie down the legitimate servers for a domain that you trust, then
you could whitelist those servers (at least for mail from that domain).
That's what SPF lets you do.
Of course, not all email from that domain will come from those servers, but
adopting SPF based whitelists gives people a reason to use the listed
servers.
--
Ian Eiloart
IT Services, University of Sussex
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
