spf-discuss
[Top] [All Lists]

RE: Dealing with SPF problems

2005-04-05 06:40:39

I understand that, but for many domains on a shared MTA, NEUTRAL is the
best one should do.  Treating NEUTRAL that matches a mechanism and NEUTRAL
from ?all the same combines two different things into one.

This difference can be hard to tell in practice. There are many ways to
setup a SPF record that ends in -all, but in reality is closer to ?all (or
even +all). As long as there is no easy way to count the number of
matching IP's in a SPF record, circumventing such a difference is so easy
('v=spf1 exists:{ir}._spf.example.com -all' requires only one wildcard
record to be 'effective'), that I think it is hardly worth the effort to
treat them differently.

From a SA statistical perspective you are right.  I don't think that it's
good for SPF.

I don't think SA scoring has to do with SPF at all. In my case, awarding
additional scores for certain US based ISP's says nothing about the
reputation of said ISP's. It only means that the vast majority of messages
*MY USERS* receive from them (being non-US citizens we receive very few
legitimate mail from them), are spam. Nobody would blame the nameservers
doing the reverse lookup on the IP's for that. Scoring in SA is
self-correcting anyway. Once people notice that a rule is causing too many
false positives, they will do something about it. However, if it works,
there is absolutely no reason not to use it.

Regards,
Arjen


<Prev in Thread] Current Thread [Next in Thread>