Hi folks,

due to its negative effects on mail forwarding I've resisted touching SPF for a long time (I know mail users should not simply forward their mail, and the effects can be mitigated with SRS, but some users simply can't be bothered to configure multiple accounts and access them properly in their mail client).

So this weekend, I've implemented an SPF check (with appropriate exceptions for the known forwarding hosts used by our users) into our spam blocking framework. This currently only puts mail on hold, doesn't outright reject it.

After one night, what I've found is not a single spam mail was held due to SPF fail or softfail results, but I learnt of several forwarding hosts in use by our users that I was unaware of before, probably because they do good inbound spam rejection themselves.

The SPF check in our case runs after all the other rules have been exhausted without giving a result, so apparently our current set of rules (blocking dynamic address ranges, known spam-supporting ASNs, questionable DNS providers, cloud providers with some whitelisting exceptions) seems to be good enough to catch all or most of the junk.

In addition, manual checks against spam mails from hosts on spam-supporting or indifferent network IP ranges show that spammers provide SPF records for their domains, of course, so properly applied SPF is bound to have a significant percentage of false negatives.

So, there are many more false positives and false negatives than I'm willing to accept. But obviously others have different experiences, otherwise they would not publish SPF records and check them on mail reception.

In your experience, where does SPF really help? What are the use cases that I don't see in my spam-blocker tunnel vision?

Cheers,
Hans-Martin
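The forwarding effect, the SRS mitigation and the forwarder exception list mentioned in the message above, as an added example that is not part of the original post or the poster's framework. The SPF records, domains, addresses and the `KNOWN_FORWARDERS` list are constructed, and only the `ip4` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed SPF records (documentation address ranges, example domains).
SPF = {
    "sender.example": ["ip4:192.0.2.0/24", "-all"],
    "newforwarder.example": ["ip4:203.0.113.0/25", "-all"],
    "junk.example": ["ip4:203.0.113.128/25", "-all"],  # spammer with valid SPF
}
# Hypothetical exception list: forwarding hosts the receiver already knows.
KNOWN_FORWARDERS = [ipaddress.ip_network("198.51.100.0/24")]
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(client_ip, mail_from):
    """Evaluate only ip4 and all mechanisms, a small subset of RFC 7208."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    terms = SPF.get(domain)
    if terms is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:]):
            return QUALIFIERS[qualifier]
    return "neutral"


def disposition(client_ip, mail_from):
    """Last-resort rule: hold on fail/softfail unless a known forwarder."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in KNOWN_FORWARDERS):
        return "accept"
    if spf_result(client_ip, mail_from) in ("fail", "softfail"):
        return "hold"
    return "accept"


if __name__ == "__main__":
    cases = [
        ("direct", "192.0.2.10", "alice@sender.example"),
        ("known forwarder", "198.51.100.7", "alice@sender.example"),
        ("unknown forwarder, no SRS", "203.0.113.5", "alice@sender.example"),
        # SRS0 hash and timestamp fields are placeholders, not real values.
        ("unknown forwarder, SRS", "203.0.113.5",
         "SRS0=HHHH=TT=sender.example=alice@newforwarder.example"),
        ("spammer with SPF", "203.0.113.200", "promo@junk.example"),
    ]
    for label, ip, sender in cases:
        print(f"{label:28} {spf_result(ip, sender):9} {disposition(ip, sender)}")
```

Only the unlisted forwarder that keeps the original envelope sender is held; the same host passes once it rewrites the envelope sender with SRS, and the spammer's own domain passes SPF outright.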