spf-discuss

Re: Re: overall paradigm shift in email, plus rambling philosophical discussion

2004-06-21 06:22:37
Frank Ellermann wrote:
in a scoring-based scheme, mail purportedly coming from a
domain that has published SPF records but not getting a
"pass" is considerably more likely to be spam than mail
coming from a domain that has not published SPF records at
all.

That's IMHO a bad idea.  ?all should be the same as "no SPF".

Of course it should, that's what the spec. says.

You could still use PASS in your scoring somehow.  Or if you
have identified domains where you insist on handling ?all like
~all you could use your own overwrites only for these domains.

hotmail.com is a good example here. The current caller-id record for hotmail.com has the equivalent of ?all. But virtually every mail I receive that isn't sent through hotmail (and hence comes back with a "neutral" result) is spam. Hence it would appear to be useful to score against the "neutral" result.

Now since I fiddle the scores of my own procmail-based spam filter manually, I've been able to fix this to my satisfaction. However, someone using an out-of-the-box Bayesian-style spam filter (e.g. the one that's built into Mozilla) might not be able to do that. If their MTA puts "Received-SPF: neutral" into all such mails and most of them turn out to be spam, the scoring system of that filter will weigh against the neutral result no matter what the spec. says - the filter obviously isn't aware of the SPF semantics and just scores the Received-SPF: header the same as any other. This is in fact one of the reasons the Received-SPF: header is there in the first place - see http://spf.pobox.com/newheader.html :

  When an SPF query returns any other result, the MTA should add an advisory
  header to the message of the form "Received-SPF: neutral" or "Received-SPF:
  pass". That way, a spam filter further down the road can take that header
  into account as part of a more balanced decision.

Paul.
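
Added example, not part of the original message: a small sketch of the effect described above, where a filter that knows nothing about SPF semantics learns a spam weight for "Received-SPF: neutral" that differs from the weight for mail with no SPF record. The corpus, the tokenizer and the add-one-smoothed scoring are assumptions made for illustration, not the behaviour of any particular filter.

```python
from collections import Counter
from email import message_from_string

def make(spf, sender, body):
    """Build a constructed sample message carrying a Received-SPF header."""
    return f"Received-SPF: {spf}\nFrom: {sender}\nSubject: x\n\n{body}\n"

# Constructed corpus (not real mail): most "neutral" mail is spam, most
# "pass" mail is ham, and mail from a domain with no SPF record is mixed.
CORPUS = (
    [("spam", make("neutral", "a@hotmail.com", "cheap pills offer"))] * 9
    + [("ham", make("neutral", "b@hotmail.com", "lunch tomorrow"))] * 1
    + [("ham", make("pass", "c@hotmail.com", "lunch tomorrow"))] * 8
    + [("spam", make("pass", "d@hotmail.com", "cheap pills offer"))] * 1
    + [("ham", make("none", "e@example.org", "meeting notes"))] * 5
    + [("spam", make("none", "f@example.org", "cheap pills offer"))] * 5
)

def tokens(raw):
    """Tokenize as a header-agnostic filter would: the SPF result is just another token."""
    msg = message_from_string(raw)
    toks = set(msg.get_payload().split())
    spf = msg.get("Received-SPF")
    if spf:
        toks.add("received-spf:" + spf.split()[0].lower())
    return toks

def train(corpus):
    """Count, per label, how many messages contain each token."""
    counts = {"spam": Counter(), "ham": Counter()}
    totals = Counter()
    for label, raw in corpus:
        totals[label] += 1
        counts[label].update(tokens(raw))
    return counts, totals

def spam_probability(token, counts, totals):
    """P(spam | token) with add-one smoothing and equal priors."""
    s = (counts["spam"][token] + 1) / (totals["spam"] + 2)
    h = (counts["ham"][token] + 1) / (totals["ham"] + 2)
    return s / (s + h)

if __name__ == "__main__":
    counts, totals = train(CORPUS)
    for result in ("pass", "none", "neutral"):
        p = spam_probability("received-spf:" + result, counts, totals)
        print(f"Received-SPF: {result:8s} P(spam) = {p:.3f}")
```

On this constructed corpus the learned weight for "neutral" ends up well above the weight for "none", even though ?all is specified to mean the same as having no SPF record.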

