>Len I know you have spoken for SPF/DMP several times on this list and most >of us probably just dont take the time to read like we should, but I finally >am, and am going to set it up. Which have you currently setup on your >servers.. either/both?
I think the SPF/DMP idea is wonderful, but first things first. If legit servers won't set up PTR + HELO hostnames correctly at this late stage in the spam war, and if we don't force the issue by having policies that insist on ptr + helo correctness, what is the point of insisting SPF/DMP? >what do you recommend for postfix... or wait for >native support? the patch is probably ok >Today I just found where a bunch of joker/subscriber complaints had been >intercepted by declude (ooops) and i'm thinking that putting a line in >smtpd_restrictions to skip the joker match if coming from a spf approved >server would be a better solution than me telling all these people to change >their revdns or making a ton of exceptions i'll have to manage. SPF/DMP is great because the records are only in the forward zone, so mail servers that can't set up correct PTR can "escape" their PTR problems by setting up SPF/DMP records. but, imo, the big picture is that the domains that set up DMP/SPF records now or soon aren't spamming us anyway, so no gain. If the critical mass hotmail/yahoo/aol/msn/earthlink would both setup DMP/SPF records for their domains AND insist on DMP/SPF records for all domains sending to them, THEN we'd have serious leap forward. To repeat an earlier point about using DNS records for validation: AOL rejects inbound mail with single criteria of no PTR, but how many of you are doing the same? So are we now saying we will not/cannot reject mail from PTR-less IPs, but we will reject mail for SPF/DNP-less domains? Len
