spf-discuss

Re: Re: first spf-enabled spam

2004-04-12 12:41:55
Hi !!

well, spf was intended to stop email forgeries (among other things),
this particular use of spf does not stop email forgeries as any spammer
could hack a computer in this isp cable zone and start using all kinds
of addresses of this domain (including the ones of the isp staff)
without any problem, well, it would be better as these forged emails will
apparently be trusted by others as they are spf protected.

I don't think that any use of SPF can protect a machine from being hacked. :)

you are right, maybe i was too innocent, when we publish spf records
for our domain we want to say that when you receive an email from an
address within our domain from a spf authorized host we have
authenticated that user and have taken proper actions to prevent him
forging any other user email address, of course, spf does not have
any way for us to express this. In fact, we could publish spf records
that allow any host on the net to use our email addresses. This makes
me think that a 'spf pass' should be treated exactly like a 'spf none',
no assumption should be made about it. This also implies that the only
real use of spf is to refuse mails from 'spf fail' hosts and ignore
any other result.

By the way, it looks like the MAPS DUL (http://mail-abuse.org/dul/) list does not list 213.48.36.173, but maybe it should.

I just submitted it to spamcop

--
Best regards ...

A little inaccuracy sometimes saves tons of explanation.

----------------------------------------------------------------
   David Saez Padros                http://www.ols.es
   On-Line Services 2000 S.L.       e-mail  david(_at_)ols(_dot_)es
   Pintor Vayreda 1                 telf    +34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------
