I have been looking through some of the responses from the spamming community
to SPF. I conclude that the real problem here is that people using naive
Bayesian filtering don't have a clue.
The problem with the Bayesisan approach is that it is very vulnerable to
counter-programming by spammers. So when SPF started to gain traction the
spammers realized that they could deter adoption of SPF by simply introducing
SPF data into their systems. After a short while the naive Bayesian schemes
would quickly generate a large negative score for having SPF data present.
The solution to this problem is mostly marketting communications rather than
First we need to get across the fact that spam filtering companies do not in
general use the naive Bayesian filtering approaches popularized by Paul Graham
and promoted by the conference at MIT.
Second we need a simple fix to deter the 'jamming' attack by spammers. The
simple fix here is to simply have a rule that says that certain featues can
never result in negative scores. SPF/Sender-ID and DKIM should be amongst them.
Third we need to promote the idea that you should not look for the existence or
even the validity of a DKIM header as being as important as the domain that is
claiming responsibility. If you can't correlate the domain to some form of
additional information you should ignore the record entirely.
NOTE WELL: This list operates according to