In
<Pine(_dot_)LNX(_dot_)4(_dot_)44(_dot_)0610030939070(_dot_)21313-100000(_at_)bmsred(_dot_)bmsi(_dot_)com>
"Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com> writes:
OTOH, I need an SPF PASS result (real or guessed) before I can safely
auto-blacklist domains that send spam to random recipients.
I'm not sure what you are saying here Stuart...
While I can see wanting an SPF Pass before deciding whether the domain
should be blacklisted or not, I can't see a reason to not immediately
reject a domain that has been blacklisted.
If a domain is known to send mostly good email, then I can see having
an SPF Pass override some other anti-spam checks.
However, if a domain is known to send spam, then I doubt that anyone
who forges that domain would be *less* likely to spam than the domain
itself. So, whether the spammy domain passes or not is irrelevant.
I guess I still don't see why it wouldn't be better to see if you
received a valid RCPT TO before doing any SPF or DNSBL checks.
-wayne
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com