On Wed, 26 May 2004, Chris Drake wrote:
DT> We are having _really_ good results with SPFv1 so far.
DT> 2 months ago our e-mail was nearly unusable for the spam.
SPF's got practically nothing to do with spam - it just tells you when
someone faked a sender IF the sending domain happens to have SPF in
their DNS TXT records (rare - and even rarer that spammers would pick
one of these domains) - so - I'm guessing you're confusing SPF with
something else?
1. SPF on the HELO name is extremely effective against virus spam. Although
checking for your own domains gets 60% of it, SPF gets another 20%. And it's
simpler to just SPF them all. I posted similar statistics earlier.
2. Without directly rejecting mail based on SPF, the Received-SPF header
dramatically improves the accuracy of score based content filters like bayesian
(learning) and SpamAsassin (manually crafted rules + bayesian).
I use a bayesian filter, and I would anthropomorphize its reasoning as follows:
An SPF pass makes the message very likely legit. A spammer with SPF
will be recognized by his authorized domain (the domain will be a high spam
prob token). An SPF softfail makes the message very likely spam - but other
factors are still considered.
The bayesian filters adjust these probabilies automatically based on
actual classification of mail. The Received-SPF header basically gives
the filter some additional significant tokens to work with.
Even the partial authentication offered by spfv1 is extremely useful.
I manage 40 small business email servers. As more of their business partners
get SPF, manual whitelisting gets smaller and smaller. Hardly any
whitelist entries are left.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.