Jason Bertoch wrote:
I think it's safe to say I'm not in the minority when I receive SPF-Compliant
spam. I'm looking for opinions on what we can honestly derive from such
messages regarding the sending server's IP and the sending address' domain name.
Is it wise to blacklist both, or is this yet another case where SPF has failed
to meet projections?
Spamers were among the first to jump into the SPF waggon.
The following is Table 3 from "Sender reputation In a Large Webmail Service"
http://www.ceas.cc/2006/19.pdf
=== Table 3: Authentication Breakdown: Spam
Method Frequency
Both SPF and DomainKeys 1.5%
SPF only 39%
DomainKeys only 0.5%
Not authenticated 59%
SPF helps detecting forgeries of honest domains that have configured
"limited" SPF records. nothing more.
