On 6.12.2020 at 14:12:25, Hans-Martin Mosner via mailop wrote:
> night, what I've found is not a single spam mail was held due to SPF fail or
> softfail results, but I learnt of several forwarding hosts in use by our
> users that I was unaware of before, probably because they do good inbound
> spam rejection themselves.

Because if you look at the very idea of SPF, it is not to protect from spam.
It is not possible to protect from spam by indicating which IPs are allowed
to send mail for a given domain, as spam is about the *contents* of the
message, and not about where it is sent from.
SPF is to protect from *impersonation*, i.e. someone sending mail from a fake
address belonging to another domain. In times when it was quite difficult to
register a domain, the spammers actually often used fake sender addresses,
thus a side effect of SPF could be some protection from spam. But in no way
can SPF protect from spammers who register their own domains, which can be
done now in an easy and automated way.

Of course SPF breaks forwarding and therefore is a bad idea, but I don't
want to go further on this topic now.

> So, there are much more false positives and false negatives than I'm
> willing to accept. But obviously others have different experiences,
> otherwise they would not publish SPF records and check them on mail
> reception.

In my opinion they publish SPF records mostly because Google (and other
"big guys") require them to. You can have trouble with your mail being
properly delivered to Gmail if you don't publish an SPF record. That's the
reason why for example I published an SPF record for my domain after many,
many years of staying away from SPF. But I don't SPF check *incoming* mail
nor plan to (well, actually, SpamAssassin - which I use - does some SPF
checks by default, so I can say that in fact *to some extent* I do SPF
checks on incoming mails - but only to increase their spam score a little
and not reject them outright).

> In your experience, where does SPF really help? What are the use cases
> that I don't see in my spam-blocker tunnel vision?

In my opinion the only SPF record you should care about is a record that
contains "-all" as the *only* item, i.e. it indicates that this domain will
never send any mail. Thus you can safely reject all mails claiming to be
from this domain. There are *some* domains that publish such SPF records,
but there is a small number of them, so I personally don't bother.

For all other SPF records, I would say: just ignore them and use whatever
criteria you used already for spam filtering. SPF won't improve the quality
of your spam filtering.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
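
The rule suggested in the message above (act only on an SPF record whose sole item is "-all", ignore every other SPF record), as an added example that is not part of the original message. The function names, decision labels and sample TXT records are constructed for illustration, and no DNS lookup is performed.

```python
# Added example: decide what to do with a sender domain's TXT records.
# All records below are constructed samples (reserved .example names).

def spf_records(txt_records):
    """Return the TXT records that are SPF version 1 records."""
    found = []
    for txt in txt_records:
        # One TXT record may arrive as several character-strings;
        # they are concatenated without adding spaces.
        if isinstance(txt, (list, tuple)):
            txt = "".join(txt)
        # An SPF record starts with exactly "v=spf1", then a space or the end.
        if txt.split(" ")[0].lower() == "v=spf1":
            found.append(txt)
    return found

def is_null_spf(record):
    """True only when "-all" is the single term after the version tag."""
    terms = record.split()
    return len(terms) == 2 and terms[1].lower() == "-all"

def decide(txt_records):
    records = spf_records(txt_records)
    if not records:
        return "no-spf"      # nothing published: normal spam filtering applies
    if len(records) > 1:
        return "ambiguous"   # several SPF records is an error: never reject on it
    if is_null_spf(records[0]):
        return "reject"      # the domain states that it never sends mail
    return "ignore"          # any other SPF record: leave it to existing criteria

SAMPLES = {
    "never-sends.example": ["v=spf1 -all"],
    "chunked.example": [("v=spf1 ", "-ALL")],
    "normal.example": ["site-verification=xyz", "v=spf1 mx ip4:192.0.2.0/24 -all"],
    "softfail.example": ["v=spf1 ~all"],
    "duplicate.example": ["v=spf1 -all", "v=spf1 mx -all"],
    "lookalike.example": ["v=spf10 -all"],
}

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        print(f"{domain:22} {decide(txt)}")
```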
