Re: [exim] SPF Question

Pàgina inicial
Aquest missatge és part del següent fil:
Ml'arbre de fils complet ordenat per data
MMarc Perkel en <-
MOliver Egginger en ->
Delete this message
Reply to this message
Autor: David Woodhouse
Data:  
A: Marc Perkel
CC: exim-users
Assumpte: Re: [exim] SPF Question
On Sun, 2005-01-02 at 14:23 -0800, Marc Perkel wrote:
> OK - I suppose if they looked at all the received headers and if any
> matched the SPF record then maybe it would be at least partially useful?
> Is there anything about SPF that is useful? I'm looking for ne tricks
> and this looks like a dead end to me.

SPF can't definitively state that a mail is faked. What it _can_ do is
tell you that a mail is definitely originating from an authorised
sender. Basically it can only say either "yes" or "maybe"; it can't
truthfully say "no" for an address which really does send mail.

Unfortunately it's a "no" which is the really useful result; the result
which SPF can't truthfully offer. Because it's a "no" which tells you
that you can reject the mail.

It's like having a whitelist instead of a blacklist. All you can do is
save yourself a little CPU time by not bothering to run SpamAssassin
over mail from known domains where there's an SPF 'pass' result.
Obviously that's for known domains only -- not just any domains. Lots of
spam has an SPF 'pass' too.

So it has a use, but it's _extremely_ limited and not really worth the
effort. You certainly shouldn't be rejecting for an SPF 'fail' result.

--
dwmw2




Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-Re: [exim] SPF QuestionRe: [exim] New Snapshot - Includes Exiscan - Testers Wanted->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)