
Re: SPF (was: Re: PERSONAL xxxx - KTA)



Hi,

sorry to wake this discussion up but I'm doing some SPF tests now in
our mail system.

On 7/3/07, Craig Sanders <cas@taz.net.au> wrote:
> On Mon, Jul 02, 2007 at 08:19:33AM -0400, Chris Wagner wrote:
> > At 07:54 AM 7/1/2007 +1000, Craig Sanders wrote:
> > >you misunderstand what SPF is for.  SPF is *NOT* an anti-spam system. it
> > >is an anti-forgery system. SPF's *SOLE* purpose is for a domain owner to
> > >decide which hosts are allowed to send mail claiming to be from their
> > >domain. nothing more, nothing less.
> >
> > Tell that to all the people who incorporate SPF into their spam scoring
> > systems. :\
>
> forgeries are often spam, but that doesn't change the fact that SPF is an
> anti-forgery system and NOT an anti-spam system.
>
> blocking forgeries is desirable to many, whether the forgery is spam or not.

I agree with your point, be it spam or not. I am at a point where I
think if a domain has an SPF record and I get a mail from a host that
is not allowed to send I should reject it because it is not legit. It
can't be, otherwise the sending host would have been listed in the SPF
record (Yes I know this is somewhat restrictive).

Note: In my opinion this would just plain reject the mail because it
is something that shouldn't be there in the first place, kind of like
traffic with a source of 127.0.0.1 on an interface that is not "lo".

On the other hand if there is no SPF record nothing is done. I can't
tell anyway whether this mail is OK or not. I can't even judge whether
it is better or worse than any other mail for the domain.

What do you think? I think this approach isn't exactly spam scoring,
it's more like saying "I have evidence that you are a bad guy, go
away" which occurs as soon as there is an SPF record and the host isn't
a valid sender.

\martin


