On tor 22 apr 2010 15:20:47 CEST, John Hardin wrote
It's not a good idea to whitelist on just SPF Pass. What is to prevent a spammer from publishing valid SPF records for their sources and thus whitelisting themselves to you?
yep thats the problem, here i use def_whitelist_from_spf to grey domains, and if end users whitelist let them do with whitelist_from_spf
at the same time i dont allow to have *...@domain.tld for anything that have not def_ in fron of the whitelist
Whitelisting on SPF Pass + specific trusted domains is reasonable, and the place to do that is in your MTA.
i reject softfail in mta :) -- xpoint http://www.unicom.com/pw/reply-to-harmful.html
