> i think part of the success i experience using SPF as a means to create > whitelists is in the fact that i maintain the list of domains i fancy > whitelisting. unfortunately, it would be trivial for someone to take > advantage of an spf-based automatic whitelist to slip right on thru > spamd(8). > > it's a pisser. >
Spam Permitted From is broken as designed. It is most commonly deployed on throwaway spam domains. What a surprise! -Bob