On Mon, Mar 08, 2004 at 06:24:08PM -0500, Rose, Bobby wrote:
> But if you're using SpamAssassin or some other scoring based spam software
> what difference does it make since it's merely just another test like
> the RBLs.
>

The difference is that the ultimate configuration for advertised SPF records includes "-all", which tells the receiver "drop anything I haven't told you about on the floor." The equivalent receiving side of this is, "drop anything without an SPF record on the floor." It won't happen immediately, but it will happen. In fact, it may well be used as leverage to ensure SPF penetration, which I think is somewhat underhanded.

Yes, SPF is titularly "just another scoring system." However, the existence of "-all", and the checks performed before the message is even completed, much less spooled, makes it less of a scoring system and more of a distributed blocklist.

SA didn't really catch on until the type I and type II error rates were well-established (that's false-positives and false-negatives in statistical terms). If all SPF did was contribute a score, that'd be one thing. But it also quietly drops email based on the envelope-from. That bothers me, and it's going to bother a great many other people as word spreads. People are STILL annoyed by false positives from antispam systems. But they're able to deal with them, because they can recover from them. You can't easily recover from a 550, 421, or 221 you're never told about.

Finally, it's a scoring system that forces architectural changes in order for it to be effective. I'd argue that one of the reasons SA and other score-based systems are becoming as popular as they are now is that their use is an add-on to existing services, rather than a change to them.

--
Mark C. Langston            Sr. Unix SysAdmin
[EMAIL PROTECTED]           [EMAIL PROTECTED]
Systems & Network Admin     SETI Institute
http://bitshift.org         http://www.seti.org
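
The contrast drawn in the message above, as an added example that is not part of the original post: a simplified SPF evaluator (only `ip4`, `ip6` and `all` mechanisms, no DNS) feeding two receiver policies, one answering at SMTP time and one contributing a score. The record, addresses, score weights and threshold are constructed for illustration.

```python
import ipaddress

# SPF qualifier -> result name (names as in RFC 7208)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, client_ip):
    """Evaluate a simplified SPF record: ip4, ip6 and all only, no DNS."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # a, mx, include, ... need DNS lookups and are skipped in this sketch
    return "neutral"                         # nothing matched

def smtp_time_policy(result):
    """Hard enforcement: answer during the SMTP transaction."""
    return (550, "rejected: SPF fail") if result == "fail" else (250, "ok")

# Constructed weights and threshold, in the style of a score-based filter.
SPF_SCORES = {"fail": 3.0, "softfail": 1.0, "pass": -0.5}

def scoring_policy(result, other_scores, threshold=5.0):
    """Soft enforcement: SPF is one test among several; mail is kept."""
    total = sum(other_scores) + SPF_SCORES.get(result, 0.0)
    return ("quarantine" if total >= threshold else "deliver", total)

# Constructed sample: a domain publishing "-all", and a forwarder it never listed.
RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
LISTED, FORWARDER = "192.0.2.10", "198.51.100.7"

if __name__ == "__main__":
    for ip in (LISTED, FORWARDER):
        r = spf_result(RECORD, ip)
        print(ip, r, smtp_time_policy(r), scoring_policy(r, [0.5]))
```

For the unlisted forwarder the same `fail` result ends the SMTP transaction with a 550 under the first policy, while under the second it adds to a total that stays below the threshold and the message is delivered.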
