<[email protected]> wrote:
[snip]
> --- On Mon, 8/30/10, Jobst Schmalenbach <[email protected]> wrote:
> > I filter all email with mime defang and I block ANYTHING
> > coming with an ENVELOPE FROM from our domain, no exception.
> 
> Is that significantly different than an SPF record of "v=spf1 ptr
> -all" (i.e. block anything claiming to be you but not from a host in
> your domain)?  Perhaps you should be performing a generic SPF record
> check instead.... 

In practice (at home and at work) I've seen how enforcing SPF like that
breaks at least two common scenarios:

  * external mail aliases. Suppose I have an example.com domain which
enforces SPF the hard way (-all) and an alias on a third-party mail
server redirects mail sent from an example.com SMTP server mentioned in
the SPF record of the example.com domain to my mail server which blocks
every mail that fails SPF checks the hard way. That mail gets bounced on
the third-party mail server and things get hairy...

 * external mailing campaigns. I don't like those either, but marketing
departments have other ideas and stronger arguments, so they happen
sometimes. And those campaigners use so many IP classes to send their
junk that it's impractical to include them in our SPF entries. We do
have an anti-phishing check in MD for the SMTP envelope and in practice
we except from this check the addresses that we use for these campaigns.

That's why SPF checks in our mail systems only happen in SpamAssassin.
Nevertheless, I've augmented the scores for the SPF tests in SA.

[snip]

-- 
mișu
