spf-discuss

[spf-discuss] Re: Does anyone actually filter by spf records?

2005-11-25 04:05:32
Kurt Andersen wrote:

Presumably the actual number is significantly higher as the
number of domains checking/enforcing SPF records is still
limited.

Unfortunately I can't really judge it, my "FAIL-test" data is
limited to what I saw when "my" spammer forged addresses at my
vanity host for two weeks this year (after 6 months last year).

*Apparently* I got less bogus bounces this year, but probably
that's a side-effect of SC's new reporting policy (last year it
wasn't allowed to report backscatter as spam).

*Obviously* "my" spammer had enough after two weeks this year,
that could be a side-effect of burning his zombies faster when
s/h/it forges FAIL-protected addresses.

Last but not least there are systems using SPF FAIL after SMTP
with e.g. SpamAssassin scoring - in other words they check but
don't really "enforce" SPF.  On a single user system that can
be good enough, if this user white-listed his 251-forwarders.

I'd prefer "reject" (= enforce), I don't trust that receivers
get "post-SMTP SPF-scoring" right.  From a spammer's POV it's
irrelevant, if he forges SPF-FAIL-protected addresses it won't
arrive on SPF-checking systems, both "enforcing" and "scoring".

                       Bye, Frank


-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/