On Fri, 13 Jul 2012, David F. Skoll wrote:
SPF has *never* been advocated as an anti-spam measure by the people who developed it.
Agreed, but that does not mean under certain circumstances it cannot be useful as a spam indicator.
And looking for +all or ?all is not enough; you can easily simulate +all with ip4:0.0.0.0/1 ip4:128.0.0.0/1 or countless other combinations.
If checking for +all is justified then checking for */1 through */8 would probably also be justified, perhaps with firing different rule so that a different score could be applied.
So I think my stance will be proven correct: In general, one should only ever penalize domains for failing SPF. You should never treat an SPF "pass" as something good except for specific trusted domains.
So does that mean it may be legitimate to treat an SPF PASS as "something bad" if the SPF rule is defined in an "abusive" manner?
-- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- Activist: Someone who gets involved. Unregistered Lobbyist: Someone who gets involved with something the MSM doesn't approve of. -- WizardPC ----------------------------------------------------------------------- 3 days until the 67th anniversary of the dawn of the Atomic Age
