David Brodbeck wrote:
Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com wrote:
Nah. Create SpamAssassin rules like
SPF_FORGERY_PROBABILITY_UNDER10
SPF_FORGERY_PROBABILITY_10TO40
SPF_FORGERY_PROBABILITY_60TO90
SPF_FORGERY_PROBABILITY_OVER90
that are worth positive or negative points.
Okay, I get it. But I don't see it as a big win. If I'm to
the point
where I'm running SpamAssassin, that means I've at least
already gotten
to the DATA phase of the connection. In that case, there are better
tools than SPF at my disposal, like Bayesian filtering. I see SPF as
mainly useful in the pre-DATA phase. I recognize there's room for
debate here, though.
I think most domains will run black/white SPF domains where the authoritative
constants are all 1, with a final 0all. But it's still a good idea to build
flexibility into SPF to encourage adoption. Especially for domains who use
email providers to send newsletters or advertising campaigns etc. Allowing a
heirarchy of authoritative-ness will help out domain owners who worry about
things like "well, I suppose some 'email this page to a friend' tool out there
*might* be legitimately used by one of our users...", but who want to gain the
benefits of SPF verification for the majority of their email traffic.
Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com
805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"