I wonder if any of you have done any analysis of how much spam email
is SPF-valid?
For many years, one of my main spam defences has been a reasonably
aggressive greylisting strategy. This works well at never seeing the
spam from the "fire-and-forget" spambots, but it has the downside of
occasionally delaying genuine mail by a few minutes (or up to an hour,
depending on the sending MTA's retry strategy), which is particularly
annoying when the genuine mail is sending me a one-time code.
Of course, the greylisting doesn't work on any spambot that works like
a real MTA and retries.
So I was wondering what difference it would make if I exempted
SPF-valid mail from greylisting. Does one see lots of fire-and-forget
but SPF-valid spam?
(And the reason I'm asking rather than measuring is that I would have
to go to the trouble of setting up SPF - I run Debian, and haven't yet
found the need to switch to stock Exim where SPF is a simpler setup.)
