> Please don't assume that you have any idea how my policies are set. I'm not assuming: you've made some of them public. For example, you touted day-of-week and hour tests as effective gauges of spamminess. Note that I don't disagree at all with your conclusions about these tests. I mention such positions to show that they are certainly counter to your prior claim that RFC-compliance alone ensures legitimacy.
More important, since it would be impossible to get real effectiveness out of any anti-spam solution without following internal policies that countermand RFC compliance, it is safe to say that _everyone_ who is satisfied with Declude does not treat the RFC compliance of incoming sessions/messages as grounds for whitelisting! You simply wouldn't be here if you took that much stock in RFCs; it doesn't matter that you haven't revealed your whole config. AFAIK, the only people who treat the RFCs with that much respect are the academic anti-spam-is-fascism advocates (at least, those few who are actually sincere and not trolls for the direct matrketing industry). > Good to know, next time I have to make sure that my servers can > communicate properly with the rest of the world, I'll be sure to > check the relevant case law first. After all, I'm sure the courts > will help me do a much better job than by following the RFCs. Don't really see much there to mock, but knock yourself out. US Code protects your right to restrict the use of domains you own in any MAIL FROM. The law therefore protects your ability to publish policies for your domain that are expressly intended to affect how and where non-owners of your domain may use the domain, as long as (and I did mention this caveat before) such protection does not contradict a right expressly granted by a separate contract. There is no generic, assumed right that a non-owner has to the use of a domain. Look, I know you're very put out by SPF. You know you don't have the kind of userbase, and the kind of relationship with your users, that would let you publish a policy. That's just fine. I have clients that can't publish SPF either, so I'm not telling you that you have to find a way to make it work. I'm telling you that it does work for some very significant domains, domains with very large legal departments at that, and there is no legal argument against it. There may be an RFC argument against it -- *if* in every area you treat RFC-compliant senders as trusted senders. But I think due to the nature of this mailing list, there is a justifiable presumption of guilt in that department. --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
