Hey Jeroen,

> SPF is only a part of a solution to the battle of spam.

SPF isn't suited to combat SPAM at all (including the whole other DKIM
etc. enchilada), since it's quite trivial for spammers to define these
records correctly in throwaway domains. Thus, no reasonable spam filter
can honour (in a positive way) the presence of an SPF record; they can
only punish the connection if there is an SPF record and the connection
is in violation of that record. The only real benefit you could get from
SPF is some kind of antispoofing protection, but at least in my
experience, that is hardly ever a real problem to begin with.

> It helps a lot to combat broken setups.
>
> If a setup is broken, they are not worthy of receiving mail in the
> first place.
>
> Thus, if you hate on SPF, I can only conclude you have shot yourself
> in the foot a lot with it.

No, I hate SPF because it breaks basic SMTP relaying, or in more
end-user speak: redirected mails. Mail is _NOT_ always delivered
directly from origin to target; it is quite frequent that mails get
redirected to 3rd party systems. Some SPF advocates just accept their
mails failing because they consider mail redirects to be evil. Fine. To
really fix those redirect issues, _all_ possibly relaying servers would
have to adopt some kind of sender rewriting scheme, which, as far as I
recall, can blow up sender email addresses to sizes that will exceed RFC
standards in very few iterations. Also, in these cases the relaying
server will originate 3rd party mails with its own domain name, possibly
turning it into a spam funnel. So, for me, SPF is broken by design, and
no amount of additional tinkering around its pitfalls will fix that.

Cheers,
Markus





_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
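
The redirect problem discussed in the message above, as an added example that is not part of the original post: a minimal SPF evaluator (ip4 and all mechanisms only) run against a direct delivery, a forwarded delivery, and a forwarded delivery with a rewritten envelope sender. The domains, addresses and SPF records are constructed, and naive_rewrite is a hypothetical nesting rewrite used for illustration, not the actual SRS address format.

```python
import ipaddress

# Constructed SPF records (example domains, RFC 5737 documentation addresses).
SPF_RECORDS = {
    "origin.example": "v=spf1 ip4:192.0.2.0/28 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.25 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, mail_from):
    """Evaluate the ip4/all mechanisms of the MAIL FROM domain's record."""
    record = SPF_RECORDS.get(mail_from.rsplit("@", 1)[1].lower())
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif term == "all":
            return QUALIFIERS[qualifier]
    return "neutral"

def naive_rewrite(mail_from, forwarder_domain):
    """Hypothetical rewrite: fold the old address into a new local part."""
    local, domain = mail_from.rsplit("@", 1)
    return f"fwd={domain}={local}@{forwarder_domain}"

def hops_until_too_long(mail_from, forwarders, limit=64):
    """Rewrites needed before the local part exceeds RFC 5321's 64 octets."""
    for hop, forwarder in enumerate(forwarders, start=1):
        mail_from = naive_rewrite(mail_from, forwarder)
        if len(mail_from.rsplit("@", 1)[0]) > limit:
            return hop
    return None

if __name__ == "__main__":
    sender, relay_ip = "alice@origin.example", "198.51.100.25"
    print("direct:   ", check_spf("192.0.2.5", sender))
    print("forwarded:", check_spf(relay_ip, sender))
    rewritten = naive_rewrite(sender, "forwarder.example")
    print("rewritten:", rewritten, check_spf(relay_ip, rewritten))
    print("hops:", hops_until_too_long(sender, ["forwarder.example"] * 5))
```
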