spf-discuss
[Top] [All Lists]

Re: [spf-discuss] SPF purely based on SPF?

2007-10-10 06:12:22
On Wednesday 10 October 2007 04:39, Per Jessen wrote:
I've just "met" the 2nd Swiss provider rejecting emails purely based on
SPF.  The first one was back in july, and they switched it off fairly
quickly.  The most recent one is looking into exactly what they want to
do about it.

I was just wondering - does anyone have a feeling for how common it is
for a provider to reject emails purely based on an SPF check?

This is how SPF was meant to be used (RFC 4408 is unfortunately wishy washy on 
this).  Every open source SPF checking implementation (distinguishing from 
stuff like SpamAssassin that includes SPF checks, but only as part of a 
larger anti-spam effort) that I'm aware of defaults to do this.

The major risk associated with this is rejecting transparently forwarded mail.  
For many (dare I say most) users this is not significant.  There are a 
variety of solutions.  Whitelisting forwarders from SPF checks is I think the 
best.  One of my design goals for the Postfix policy server I'm developing is 
to provide tools to do this via database on a per user basis so it will scale 
better.

Scott K

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com

<Prev in Thread] Current Thread [Next in Thread>