If you guys want to argue about SPF, please at least keep the
thread separate from the BCP discussion so we can ignore it
I'm well aware of SPF (and DKIM, and SenderID). Whatever their
theoretical merits, I don't consider them worthy of serious
operational consideration, as spammers/phishers already have the
ability to render them moot whenever it pleases them to do so.
For domains I trust (including all banks I do business with), I use
SPF to allow stuff they send me to bypass spam filters. That enables
those filters to be much stronger for stuff that looks like bank
How would you suggest a spammer can render that moot?
Asrg mailing list