Neil Brown wrote:
people who think that MARID and/or SPF are cheap ways
to curb spam and/or phishing schemes are simply wrong.
It isn't that easy.
You missed my point: people will use MARID and SPF in any way they see
fit, not according to the way the IETF think they should. This has been
proven over and over.
SPF only has real value when it says "pass" - the
return address looks valid. When it does that, you
can reliably check the address against a white list
or black list, and can return advisor messages to
the address. When it says "fail" or "neutral" or
"softfail", you can add that as a negative weight
to heuristic spam filtering. The more sites that
publish reliable SPF, the more negative the weight
can be.
I understand this, nevertheless people that have chosen aggressive spam
filtering techniques will likely see it another way, which is more black
and white: fail = dump, anything else = process through
white/blacklists, heuristics, etc.
Michel.