On Fri, 2005-02-18 at 23:17 -0500, Guy wrote:
You said:
"SPF is a whitelist (+) and a beigelist (?) and a greylist (~) and a
blacklist (-)."
I disagree.
Spammers use (+), so can’t whitelist based on (+).
Well, when combined with a reputation database it can be used for
whitelisting. If you have a whitelist of _domains_ then SPF can be used
with that.
Forwarders fail on -, so can’t blacklist based on SPF.
You can only use SPF as an extra flag to help decide if an email is a keeper
or not. I had to switch from –all to ?all because of forwarders causing some
of my
email to be dropped.
Once forwarders work with SPF, or SPF works with forwarders, SPF will have
much greater value, IMO. Then I will be able to use (-all) and expect MTAs
to drop email when SPF returns (-).
That's not likely to happen any time soon. SPF pushes the burden of
adoption to the forwarders, and they don't seem particularly interested
in adapting, given that there are alternative schemes which don't have
such problems.
--
dwmw2