Daryl C. W. O'Shea wrote:
Marc Perkel wrote:
I'm not the one who started this discussion. I did change the subject
line when the pro SPF lobby entered my other thread and moved it off
the topic I was talking about.
Right, I forgot. Your original topic was about securing consumer
networks, something that is way off topic for this list. Worse,
there's few people on the list that can directly do anything about
securing consumer networks. There are far better places to have such
a discussion, so you're only wasting your own and others time by
discussing it here.
Regardless, your continual assertions that SPF has no utility and "is
dangerous" is what has continued this thread.
So - if you use it for whitelisting - how do you distinguish a good
sender using SPF and a spammer using SPF? Wouldn't you be
whitelisting spam?
A good sender is someone or an organization I know I want to receive
mail from. I don't whitelist random organizations, spammers, or just
anybody with an SPF record. You're failing to see the connection
between authorization and reputation assessment.
In short, I only whitelist domains/addresses I want mail from -- such
as [EMAIL PROTECTED], like in my previous mail.
If I'm not being clear, might I suggest reading the SpamAssassin SPF
plugin documentation on how exactly I whitelist specific addresses.
I think I see. So if the domain is in your white list and they have SPF
and no one will be forwarding mail from that domain to you, then you
whitelist them?
