On Wed, 2005-01-05 at 03:56, Stephane Bortzmeyer wrote:
I use a different Received-SPF, with
prefixed words (SPF-pass, SPF-fail, etc), which allows bogofilter (the
bayesian filter I use) to learn by itself that SPF failures are
probably spam and that a SPF pass is a good sign:
This is bogus considering that SPF is meant to detect forgery, not
spam. This simplistic classification of:
SPF failures => probably spam
SPF pass => a good sign (whatever that means)
is using SPF for the wrong purpose. I assume "a good sign" means "a
good sign that it is not spam" not "a good sign that it most definitely
is spam (in contrast to 'probably spam')", although binding either one
to SPF results is highly questionable. This scheme falls down in the
face of spammers using SPF, which we know at least some do now
(http://www.google.com/search?q=spammers+using+SPF (although I think a
significant number of those reference the same research, but this has
been discussed a number of times on this mailing list)). Keep in mind
that we want EVERYONE to publish (including spammers) and enforce SPF
records in order for reputation systems to work. Saying that bayesian
scoring against authentication and authorization headers is good without
qualifying it with "in the extreme short term" is doing a disservice to
the spam filtering and misrepresents the intent of SPF. The simplistic
mapping above WILL have to be changed when SPF is more widely deployed.
In the mean time, you risk false positives and ignored email (because it
may end up in a spam folder).
Andy.