On Fri, Mar 31, 2006 at 05:33:12PM +1200, Steve Holdoway wrote: > Neil Stockbridge <[EMAIL PROTECTED]> wrote: > > > http://www.dnsreport.com provides a nice overview of the provision for a > > > domain. > > thanks, this is a brilliant site. i didn't know about SPF before. > > > ..don't get too excited about them... they haven't caught on, and it won't > work until it does. And hey, let's forge them (:
Well, SPF won't "stop spam" until it's caught on; and it's probable that it won't catch on, now. However, if you control your mail servers, there's not much effort involved in publishing SPF, and no real downside. The presence or absence of an SPF record indicates *nothing* about the content of the message -- and most people evaluate spam by the content ;-) SPF will help prevent message forging -- if you publish SPF records, receivers can choose to reject messages that don't come from the hosts mentioned in SPF. Regardless of content ;-) which implies that you *still* have to check the incoming data for spam, but with luck you'll be processing *less* incoming email. I'll refer to one customer of mine -- they were turning over 1Gb a day in incoming spam, which was all being identified correctly by their filters. We made a change to their incoming policy, and volumes dropped to ~200Mb a day -- with no false positives. This wasn't by using SPF, but the point remains: large numbers of email can be identified as "unwanted" before having to think harder and identify them as "spam". -jim
