On Tue, 21 Jul 2009 13:06:54 +0200 Alessandro Vesely
<vesely(_at_)tana(_dot_)it> wrote:
...
hopefully no "wild" implementations leave it so late
SpamAssassin is an example. It interprets Received headers, determines
the addresses and reckons how SPF authorizations contribute to a
message spamminess. SA may be configured to whitelist_by_spf on a per
mail domain basis. I'd guess this use of SPF outscores rejecting
forgeries before DATA.
Agreed. To the extent I'm aware of it, all large providers that check SPF
do it post-SMTP. The timeline for DNS lookups is believed to be
problematic at high volumes. I have a theory that needed data will be in
the local cache almost always, so it won't have a major effect, but I've
never been in a position to test this with data.
Scott K
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com