On 7/13/2012 4:57 AM, David F. Skoll wrote:
> On Thu, 12 Jul 2012 21:37:36 +0100
> Martin Gregorie <mar...@gregorie.org> wrote:
>
>> True enough. I just wanted to provide a concrete example of extra
>> stuff the plug-in could do and why that could be useful. It hadn't
>> occurred to me until just now that SPF_PASS can be triggered by
>> slovenly and/or careless SPF configurations as well as by careful
>> set-ups and that this fact prevents you assigning any spam-related
>> value to an SPF_PASS indication and reinforces my argument about SPF
>> being useful against backscatter and not much else.
> SPF has *never* been advocated as an anti-spam measure by the people
> who developed it.
>
> And looking for +all or ?all is not enough; you can easily simulate
> +all with ip4:0.0.0.0/1 ip4:128.0.0.0/1 or countless other combinations.
>
> So I think my stance will be proven correct: In general, one should
> only ever penalize domains for failing SPF. You should never treat an
> SPF "pass" as something good except for specific trusted domains.

An SPF pass should not be generally treated as good, but in this case, an SPF pass on a domain with an overly-permissive SPF record could be treated as bad. Of course, it would need to be mass-checked to make sure it doesn't hit too many hams. Looking for +all could be a starting place. Other patterns could be added as they are found in spammy domains.

-- 
Bowie
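
Added example, not part of the original thread and not SpamAssassin code: one way to catch both a literal +all and the ip4:0.0.0.0/1 ip4:128.0.0.0/1 equivalent is to measure how much of the IPv4 space a record gives a "pass" to, rather than matching on strings. The function names and the 1% threshold are assumptions; only ip4 and all terms are evaluated, and mechanisms that need DNS (a, mx, include, ...) are skipped.

```python
import ipaddress

FULL = ipaddress.ip_network("0.0.0.0/0")

def spf_pass_fraction(record):
    """Fraction of IPv4 space given SPF 'pass' by the ip4/all terms alone."""
    remaining = [FULL]   # address space not yet matched by an earlier term
    passed = 0
    for term in record.split()[1:]:              # skip the "v=spf1" tag
        qualifier = term[0] if term[0] in "+-~?" else "+"   # default is pass
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            net = FULL
        elif mech.startswith("ip4:"):
            try:
                net = ipaddress.ip_network(mech[4:], strict=False)
            except ValueError:
                continue                         # malformed ip4 term
        else:
            continue     # a, mx, include, ip6, redirect=...: not evaluated here
        still_unmatched = []
        for r in remaining:                      # SPF is first-match, left to right
            if not r.overlaps(net):
                still_unmatched.append(r)
            elif r.subnet_of(net):               # term swallows this whole block
                if qualifier == "+":
                    passed += r.num_addresses
            else:                                # term lies strictly inside block
                if qualifier == "+":
                    passed += net.num_addresses
                still_unmatched.extend(r.address_exclude(net))
        remaining = still_unmatched
    return passed / FULL.num_addresses

def is_overly_permissive(record, threshold=0.01):
    """threshold is an arbitrary assumption; tune it against mass-check data."""
    return spf_pass_fraction(record) >= threshold

if __name__ == "__main__":
    # Constructed sample records, not taken from real domains.
    for rec in ("v=spf1 +all",
                "v=spf1 ip4:0.0.0.0/1 ip4:128.0.0.0/1 -all",
                "v=spf1 ip4:192.0.2.0/24 -all"):
        print(f"{spf_pass_fraction(rec):.6f}  {rec}")
```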