Marc Perkel wrote on Thu, 25 Feb 2010 09:29:48 -0800:

> The anti-SPF bandwagon is not ego driven but results driven. Than you 
> for admitting that SPF in not a spam filtering solution. However it is 
> also not a white listing solution because as many people have said here 
> - spammers are the ones who are using SPF correctly.

You make the same mistake again. 
SPF is for assuring that mail with a certain sender domain was sent from a 
mailserver that is allowed to send mail for that domain. Nothing more, 
nothing less. 
It's for instance often used to have mail bypass greylisting as it doesn't 
make sense to greylist mail from an apparent mailserver.
This has nothing to do with spam. Certain combinations of SPF results and 
other stuff may typically indicate a spam or ham, but in general you just 
get a validation if that server was allowed to send. That is, by 
definition, whitelisting. If SPF was adapted 99% (and always strict with 
no allowance of not-listed servers), then you could also do blacklisting 
based on this. Still, this doesn't mean that you can use it for bland-and
-white spam-filtering. You could just reject *some* spam (that is now 
rejected by RBLs and access lists, anyway).
The only problem here is that a loose SPF definition can include all 
servers. To allow this was a big mistake. If someone doesn't want to 
restrict themselves to a certain range of servers, then they shouldn't use 
SPF.


Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com



Reply via email to