Elazar Leibovich wrote:
Thanks! That's about the tool I've needed.
But do you have experience with it? Does it has many (any) false
positives? Will it reject many valid clients?
SPF is not about guesswork and "false positives". For one, it requires
the active participation of every domain you wish to be safe about.
Since that's probably less than 1% of the domains in today's Internet,
you cannot just refuse mail from domains which don't participate in the
SPF game. The only thing sensible to do right now, is to refuse messages
which fail the SPF test for the domain they *claim* to come from;
everything else should be considered neutral.
The result? You'd be still left with as much scams coming from random
info domains, but when it comes to some high-profile domains which
already deployed SPF (microsoft.com, ebay.com, gmail.com,
hotmail.com...), you'd filter out all scams pretending to be them.
Note that SPF is not something reserved for high-profile domains. Every
Nigerian scam domain can deploy SPF and then it'll be verifiable fair
and square. So, no easy way of killing off all those Nigerian scams? You
betcha there isn't.
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]