On Wed, 23 Mar 2005, David Macquigg wrote:
There's no need to check SPF when you're going to reject the message
based on bad recipient addresses, bad HELO information, local blacklists,
or accept it based on local whitelists, etc.
The SPF check has to be done first, or you will pass a message just because
it claims to be from aol.com. I think what you are suggesting might work
Not true. He said "if your going to REJECT the message based on ...".
He did not say anything about passing the message prior to SPF.
If my policy says to REJECT any message claiming to be from
"ownitmortgage.com" (one of ~1500 in my blacklist), I really could not care
less whether it was forged.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.