Kai Schaetzl wrote:
Marc Perkel wrote on Thu, 25 Feb 2010 09:29:48 -0800:
The anti-SPF bandwagon is not ego driven but results driven. Than you
for admitting that SPF in not a spam filtering solution. However it is
also not a white listing solution because as many people have said here
- spammers are the ones who are using SPF correctly.
You make the same mistake again.
SPF is for assuring that mail with a certain sender domain was sent from a
mailserver that is allowed to send mail for that domain. Nothing more,
nothing less.
It's for instance often used to have mail bypass greylisting as it doesn't
make sense to greylist mail from an apparent mailserver.
This has nothing to do with spam. Certain combinations of SPF results and
other stuff may typically indicate a spam or ham, but in general you just
get a validation if that server was allowed to send. That is, by
definition, whitelisting. If SPF was adapted 99% (and always strict with
no allowance of not-listed servers), then you could also do blacklisting
based on this. Still, this doesn't mean that you can use it for bland-and
-white spam-filtering. You could just reject *some* spam (that is now
rejected by RBLs and access lists, anyway).
The only problem here is that a loose SPF definition can include all
servers. To allow this was a big mistake. If someone doesn't want to
restrict themselves to a certain range of servers, then they shouldn't use
SPF.
SPF will never be 99% adopted until it actually does something that is
significantly useful. Using it as a white list to bypass a grey list
isn't what I would call significantly useful. SPF fails the "actually
works" test.
