Hi, spammers are using SPF as a protective shield, that's a fact, and
giving credit straight away to domains that publish an SPF record
would be the worst thing ever done.
This issue can be handled in a way that I think can help us.
A list of trusted domains should be maintained on your site. If your mail's
SPF check results in PASS, assign that mail a score of -5 (or, if you feel better
about it, give more credit for a PASS result), and then check whether it is from
the trusted domain list; if it is, assign it -100. Anything with a negative score can
be regarded as a good message.
Now, trusted domains will be those you trust and from which you think mails
are always clean.
If the message is not from a trusted domain, then even if the SPF check results in
PASS, I would suggest that it should be subjected to more filter scanning
(body filtering, Bayesian, etc.), and each filter can assign its own
score based on its scan. If the message score gets greater than the 70-80 mark, mark it
spam; anything between can be handled as possible spam.
On the other hand, if the SPF check evaluates to FAIL, then it should be given a
score of 100 and marked as spam, and no other filter will be applied.
Any further decision about what to do with a message identified as spam should be
left to local policy makers.
In this way a certain score can be assigned to each result. (Well, it won't be
scanning, it's going to be a lot of scanning :-))
Thanks.
Shoaib.
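The scoring policy described in the post above, written out as an added example (not code from the original message). It assumes the SPF result arrives as a string, that the content filters have already produced per-filter scores, that scores above 80 are spam and 70 to 80 are possible spam, and that a score between 0 and 70 is treated as good; the trusted-domain list is constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Mapping

# Constructed trusted-domain list for this example (assumption: stored lowercase).
TRUSTED_DOMAINS: FrozenSet[str] = frozenset({"example.org", "mail.example.net"})

SPF_PASS_CREDIT = -5          # credit for an SPF PASS from any domain
TRUSTED_CREDIT = -100         # extra credit when the PASSing domain is trusted
SPF_FAIL_SCORE = 100          # SPF FAIL: fixed score, no further filters run
SPAM_THRESHOLD = 80           # above this the message is spam (assumed upper mark)
POSSIBLE_SPAM_THRESHOLD = 70  # from here up to SPAM_THRESHOLD: possible spam


@dataclass
class Verdict:
    score: int
    label: str         # "ham", "possible-spam" or "spam"
    filters_run: bool  # False when SPF decided the outcome on its own


def classify(spf_result: str, sender_domain: str,
             filter_scores: Mapping[str, int],
             trusted: FrozenSet[str] = TRUSTED_DOMAINS) -> Verdict:
    """Score one message: SPF first, trusted list second, content filters last."""
    result = spf_result.lower()
    domain = sender_domain.lower()

    # SPF FAIL: score 100, mark spam, skip every other filter.
    if result == "fail":
        return Verdict(SPF_FAIL_SCORE, "spam", False)

    score = 0
    if result == "pass":
        score += SPF_PASS_CREDIT
        if domain in trusted:
            # Trusted PASS: -105 total; negative means good, no more scanning.
            score += TRUSTED_CREDIT
            return Verdict(score, "ham", False)

    # Not trusted (or no PASS): every content filter adds its own score.
    score += sum(filter_scores.values())

    if score < 0:
        label = "ham"                 # any negative score is a good message
    elif score > SPAM_THRESHOLD:
        label = "spam"
    elif score >= POSSIBLE_SPAM_THRESHOLD:
        label = "possible-spam"
    else:
        label = "ham"                 # assumption: 0..69 treated as good
    return Verdict(score, label, True)
```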