John Von Essen wrote: [snip]
I am looking into SPF plugin for SA now. Does anyone know how it handles domains with no SPF record? I would assume that if no SPF exists, then forgeries are not penalized for that domain. Just need to make sure before I turn this plugin "ON" in production.
basically SA handles SPF in the following way (from my experience):
if SPF is non existant, no SPF rules fire
if SPF is existant and softfails, an SPF_SOFTFAIL rule fires with very few points
if SPF is existant and hardfails, an SPF_HARDFAIL rule fires with slightly more points
if SPF is existant and passes, an SPF_PASS rule fires with fairly low negative points
overall, the SPF scoring is low enough to have *very minimal* impact and is not designed to be used for rejection based on SPF.
One other thing (feel free to email me off list), what is the difference between Sender ID and using SPF records? Or are they the same thing.... I like SPF, I like the fact that you control it within your own domain via your DNS server. When I hear Microsoft talk about Sender ID I get nervous, I envision some type of paid subscription to be listed on some central repository that Microsoft controls!
I haven't been following the progress of Sender ID, so I can't offer you any information about it. sorry.
HTH
alan _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
