-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Stuart
D. Gathman
Sent: Wednesday, March 23, 2005 1:17 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Re: DNS load research
On Wed, 23 Mar 2005, David Macquigg wrote:
There's no need to check SPF when you're going to reject the message
based on bad recipient addresses, bad HELO information, local
blacklists,
or accept it based on local whitelists, etc.
The SPF check has to be done first, or you will pass a message
just because
it claims to be from aol.com. I think what you are suggesting
might work
Not true. He said "if your going to REJECT the message based on ...".
He did not say anything about passing the message prior to SPF.
If my policy says to REJECT any message claiming to be from
"ownitmortgage.com" (one of ~1500 in my blacklist), I really
could not care
less whether it was forged.
A domain based whitelist would be enhanced by SPF checks. For those I would
imagine you do care if they are forged.
Scott Kitterman