Marc Perkel wrote:
Daryl C. W. O'Shea wrote:
Marc Perkel wrote:
So - if you use it for whitelisting - how do you distinguish a good
sender using SPF and a spammer using SPF? Wouldn't you be
whitelisting spam?
A good sender is someone or an organization I know I want to receive
mail from. I don't whitelist random organizations, spammers, or just
anybody with an SPF record. You're failing to see the connection
between authorization and reputation assessment.
In short, I only whitelist domains/addresses I want mail from -- such
as [EMAIL PROTECTED], like in my previous mail.
If I'm not being clear, might I suggest reading the SpamAssassin SPF
plugin documentation on how exactly I whitelist specific addresses.
I think I see. So if the domain is in your white list and they have SPF
and no one will be forwarding mail from that domain to you, then you
whitelist them?
For some domains I whitelist the entire domain (like [EMAIL PROTECTED]), for
others I only whitelist the particular address (like
[EMAIL PROTECTED]).
It doesn't matter if there's any forwarding involved (when whitelisting
the original sender domain). If the envelope isn't rewritten there's
nothing gained if it doesn't pass SPF, but there's also nothing lost.
If the envelope is rewritten, or it still passes, great.
Of course whitelisting the actual address that is forwarding the mail
would be foolish.
Daryl
