"Emmanuel Ormancey" <Emmanuel(_dot_)Ormancey(_at_)cern(_dot_)ch> writes:
Spammers using real domains and real addresses will configure their
SPF record accordingly, so how can the SPF record be used to
populate a whitelist ? A valid SPF record / Pass Spf check cannot be
trusted as non Spam (on the opposite, a SPF Failed check could be
rejected).
How AOL or Hotmail will implement this, as they are both talking
about whitelisting ? And how do you plan to implement this ?
I may have it completely wrong, but as I understand it what they are
saying is that having an SPF record is advantageous when whitelisting
as it protects (as long as the SPF record is appropriately 'strong')
against someone spoofing the MAIL FROM/EHLO and being accepted by the
whitelist. Mere possession of an SPF record is not sufficient grounds
for being whitelisted.