spf-discuss

RE: Handling of -all

2005-02-24 11:14:29
On Thu, 24 Feb 2005, Julian Mehnle wrote:

> Of course not.  The question is what the policy means.  "v=spf1 -all", for
> instance, does _not_ mean that all mail from the domain in question should
> be rejected.  It means (and you should assume that it means) that all mail
> claiming to come from that domain is illegitimately using that domain in
> the sender address.  It is up to the receiver what to do with such mail.

For instance, the receiver could decide to accept such messages and
feed them to a Bayesian filter as spam, then archive them for use in
testing new content filtering algorithms.

While SPF FAIL is almost certainly spam (unless the sender or 
receiver made a big configuration boo boo), SPF PASS does not mean
the mail is legit.  In fact, the majority of my SPF PASS mail
is spam.  However, an SPF PASS makes it easy to blacklist the domain
(a primitive form of domain reputation), without fear of blacklisting
the victim of a joe job.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
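
The receiver-side handling discussed in this message, as an added example that is not part of the original post or of any SPF implementation. The `Receiver` class, its threshold and its disposition names are hypothetical; `spf_result` evaluates only the `ip4:` and `all` mechanisms, and the domains and addresses are constructed documentation values.

```python
import ipaddress
from collections import Counter

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, client_ip):
    """Evaluate only the ip4: and all mechanisms (illustrative SPF subset)."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        q, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[q]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[q]
    return "neutral"  # no mechanism matched

class Receiver:
    def __init__(self, threshold=2):
        self.spam_reports = Counter()  # domain -> spam seen with SPF pass
        self.threshold = threshold     # hypothetical blacklist threshold
        self.archive = []              # FAIL mail kept for filter training

    def handle(self, domain, record, client_ip, is_spam):
        result = spf_result(record, client_ip)
        if result == "fail":
            self.archive.append((domain, client_ip))  # forged: no reputation hit
            return result, "train-and-archive"
        if result == "pass":
            if self.spam_reports[domain] >= self.threshold:
                return result, "reject-blacklisted"
            if is_spam:
                self.spam_reports[domain] += 1  # the domain really sent it
        return result, "spam" if is_spam else "deliver"

def demo():
    rx = Receiver()  # constructed sample traffic below
    spammer = ("spammer.example", "v=spf1 ip4:203.0.113.0/24 -all")
    victim = ("victim.example", "v=spf1 ip4:192.0.2.10 -all")
    return [
        rx.handle(*spammer, "203.0.113.5", True),
        rx.handle(*spammer, "203.0.113.6", True),
        rx.handle(*spammer, "203.0.113.7", False),
        rx.handle(*victim, "198.51.100.9", True),   # joe job from a foreign host
        rx.handle(*victim, "192.0.2.10", False),
        rx.handle("nomail.example", "v=spf1 -all", "192.0.2.10", False),
    ]
```

Only mail that passes SPF is counted against the domain, so the forged spam claiming victim.example never affects that domain's standing.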

