> On Friday 03 August 2007, Michael Scheidell wrote: > > (yes, spf is broken) especially when companies like hallmark, who know > > they are being used as 'phishing' targets list the whole world as > > authoritative mail servers.
That does not mean "spf is broken". MX is not broken when someone sets his MX to 127.0.0.1. It's just "their spf settings are broken". On 03.08.07 20:24, Phil Barnett wrote: > ----- Quoting from qmail.jms1.net ---- > > Some people are improperly treating "SPF pass" as a strong non-spam flag when > evaluating the "spam level" of a message. Spammers ARE taking advantage of > this by placing +all in the SPF records of the domains that they purchase for > the purposes of sending spam. What this does is tells the receiving server > that ANY IP ADDRESS is allowed to send messages claiming to be "From:" that > domain. It was already mentioned that +ALL should be penalized in spamassassin. I think even autogenerated score could be very high > Obviously this is not a good thing, for two reasons. First, spammers are > bypassing the filtering that SPF should be offering. Second, people are > placing a lot more trust in SPF than they should. An "SPF failure" result can > be used to place a lower trust value on a particular message, but as long as > spammers are able to purchase their own domain names and create their own SPF > records, an "SPF pass" result should not be used to place any higher trust > value on a message. That's basing misunserstanding of SPF conception. The fact that your ID card is fake means you're suspect. The fact that it is valid does NOT mean that you are OK - even criminals have ID cards. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #98652: Operation completed successfully.
