On Mon, 31 Jul 2006, Ramprasad wrote:
I have enabled spf policyd in postfix. But that is giving me no benefit
because all these big domains publish neutral records
So what is the point in doing spf checks at the MTA. I would better do
them at spamassassin and use them for scoring
Or can I configure policyd to reject SPF_NEUTRAL for hotmail.com.
How can that be done, ( what about non compliance to SPF )
The SPF RFC only says that NEUTRAL must be treated the same as NONE.
Beyond that, it is entirely up to local policy how you respond to
SPF results. Rejecting on NEUTRAL/NONE is certainly an eventual
goal of SPF, but not practical at the moment.
With so many customers, you have to be careful what you reject.
As a smaller operator, I track domain reputation, and reject on
NEUTRAL/NONE for domains with high spam stats in mail I receive.
This ends up rejecting on neutral for domains like aol.com.
If you were to emulate my policy, the practical consequence for AOL users
would be that you will reject their mail unless they send it through
AOL - they can't use their AOL address as MAIL FROM in random email clients.
The same goes for hotmail, etc.
The bottom line is that you should probably not reject based *solely*
on NEUTRAL/NONE SPF result. But it should certainly be part of a
local policy that also includes reputation, spamassasin, etc.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com