On Wed, 22 Apr 2009, jared r r spiegel wrote:
>On Thu, Apr 23, 2009 at 12:30:28AM +0000, Stuart Henderson wrote:
>
>> I see a tiny little problem with this method... sometimes people send
>> spam from domains whose DNS they control.
>
> +1
>
> i think part of the success i experience using SPF as a means to create
> whitelists is in the fact that i maintain the list of domains i fancy
> whitelisting. unfortunately, it would be trivial for someone to take
> advantage of an spf-based automatic whitelist to slip right on thru
> spamd(8).
>
> it's a pisser.
What might make sense is to alter the script to generate a list of
canditates for whitelisting, but only apply any of them after they are
manually approved.
Dave
--
Dave Anderson
<[email protected]>
