On Sun, May 30, 2004 at 11:51:25PM -0700, Dan Quinlan wrote: > I don't think any small set of rules is sufficient. And if you include > too many rules, then the entire point of having a negative rule is
I agree with this -- SPF_PASS isn't usable as a whitelist since the whole goal of SPF is to have spammers stop forging, and therefore switch from SPF_FAIL to SPF_PASS. > missed. We should be attempting to couple SPF pass with specific names. > For example, it should be required for our default whitelist. I don't know about "required" (we can't force these places to use SPF), but if SPF exists we should definitely use it for the whitelist. Perhaps we should modify whitelist_from_rcvd that instead of specifying the Received header we can specify a rulename (ala SPF_PASS)? Well, it should have a new whitelist name, but it's the idea really ... ;) Without that, perhaps a meta rule ala: meta DEF_WL_FORGED USER_IN_DEF_WHITELIST && SPF_FAIL this is the same idea, but doesn't require SPF records to exist at the start. -- Randomly Generated Tagline: BBSing: Files, folks and fun.
pgpRJ537JT5gb.pgp
Description: PGP signature
