spf-discuss
[Top] [All Lists]

Re: [spf-discuss] SPFv3 idea: recipient domain macro for exists

2009-07-21 14:56:26
On Tue, 21 Jul 2009 09:46:58 -0400 (EDT) "Stuart D. Gathman" 
<stuart(_at_)bmsi(_dot_)com> wrote:
On Tue, 21 Jul 2009, Scott Kitterman wrote:

On Tue, 21 Jul 2009 13:06:54 +0200 Alessandro Vesely 
<vesely(_at_)tana(_dot_)it> 
wrote:
...
SpamAssassin is an example. It interprets Received headers, determines 
the addresses and reckons how SPF authorizations contribute to a 
message spamminess. SA may be configured to whitelist_by_spf on a per 
mail domain basis. I'd guess this use of SPF outscores rejecting 
forgeries before DATA.

Agreed.  To the extent I'm aware of it, all large providers that check 
SPF 
do it post-SMTP.  The timeline for DNS lookups is believed to be 
problematic at high volumes.  I have a theory that needed data will be 
in 
the local cache almost always, so it won't have a major effect, but I've 
never been in a position to test this with data.

I would hope SA can be configured to use the Received-SPF header instead.
Shouldn't a large provider throw in a milter/plugin/SMTPsink/whatever
to add Received-SPF at SMTP time, even if no rejecting is done?

It does consume Received-SPF instead of doing its own lookup if it's 
available.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com