Richard Cooper wrote:
"More spam than legitimate email is currently sent using Sender Policy
Framework, a recently introduced email authentication protocol.
According to CipherTrust's research, 34 per cent more spam is passing
SPF checks than legitimate email because spammers are actively
registering their SPF records."

http://www.theregister.co.uk/2004/09/03/email_authentication_spam/

This came up on Infoworld a few days ago, with more info:

http://www.infoworld.com/article/04/08/31/HNspammerstudy_1.html

Unfortunately the report left out a key piece of information: what is the ratio of spam/legit email that *fails* SPF checks? SPF isn't pass/fail, it's pass/fail/neutral, and the vast majority of mail right now is neutral.

And really, whitelisting on the presence of valid SPF is a silly idea and not at all what it was designed for. You might as well whitelist on the fact that the sender's HELO matches its reverse DNS. If it does match, you can move on to accreditation (such as "SPF has verified that this came from knownspammer.biz, therefore I can safely reject it" or "SPF has verified that this came from mybusinesspartner.tld, therefore I can accept it with less filtering."). And if it doesn't match, you can treat it with more suspicion.

--
Kelson Vibber
SpeedGate Communications <www.speed.net>

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
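
Added example, not part of the original message and not MIMEDefang code: a Python sketch of the two points made above, namely the per-result spam share that the report left out and treating an SPF pass as verified identity to be checked against reputation rather than as a whitelist. The sample headers, the labels, the action names, the RFC 7208 `Received-SPF` syntax and the handling of `softfail` like `fail` are assumptions.

```python
import re
from collections import Counter, defaultdict

# Received-SPF syntax assumed per RFC 7208: "<result> (comment) key=value; ..."
RESULT_RE = re.compile(r"^\s*(pass|fail|softfail|neutral|none|temperror|permerror)\b", re.I)
FROM_RE = re.compile(r'envelope-from="?<?[^@\s;">]*@([^\s;">]+)', re.I)

# Constructed sample data: (hand-assigned label, Received-SPF header value).
SAMPLES = [
    ("spam", "pass (mx: 192.0.2.10 is permitted) client-ip=192.0.2.10; envelope-from=bulk@knownspammer.biz;"),
    ("spam", 'pass (mx: 192.0.2.11 is permitted) client-ip=192.0.2.11; envelope-from="offers@knownspammer.biz";'),
    ("legit", "pass (mx: 198.51.100.5 is permitted) client-ip=198.51.100.5; envelope-from=<ann@mybusinesspartner.tld>;"),
    ("spam", "fail (mx: 203.0.113.9 is not permitted) client-ip=203.0.113.9; envelope-from=ceo@example.org;"),
    ("legit", "neutral (mx: no assertion) client-ip=198.51.100.7; envelope-from=bob@example.com;"),
    ("legit", "neutral (mx: no assertion) client-ip=198.51.100.8; envelope-from=eve@example.net;"),
    ("spam", "neutral (mx: no assertion) client-ip=203.0.113.4; envelope-from=win@example.com;"),
    ("legit", "none (mx: no SPF record) client-ip=198.51.100.9; envelope-from=<>;"),
]

def parse_received_spf(value):
    """Return (result, envelope-from domain or None) for one header value."""
    m = RESULT_RE.match(value)
    if not m:
        return ("none", None)  # assumption: unparseable means no SPF information
    d = FROM_RE.search(value)
    return (m.group(1).lower(), d.group(1).lower().rstrip(".") if d else None)

def spam_share_by_result(samples):
    """Fraction of messages labelled spam within each SPF result."""
    counts = defaultdict(Counter)
    for label, header in samples:
        counts[parse_received_spf(header)[0]][label] += 1
    return {r: c["spam"] / sum(c.values()) for r, c in counts.items()}

def decide(result, domain, known_spammers, trusted):
    """Map an SPF result plus domain reputation to a filtering action."""
    if result == "pass":
        if domain in known_spammers:
            return "reject"                  # verified sender, bad reputation
        if domain in trusted:
            return "accept-light-filtering"  # verified sender, good reputation
        return "normal-filtering"            # a pass alone is not a whitelist
    if result in ("fail", "softfail"):
        return "extra-scrutiny"
    return "normal-filtering"                # neutral, none, errors

if __name__ == "__main__":
    print(spam_share_by_result(SAMPLES))
```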
