On Wed, 2009-04-08 at 23:49 +0200, mouss wrote: > Matus UHLAR - fantomas a écrit : > > Even if that record would be listed in SPF? > > > > SPF again? any spammer can buy a domain and add arbitrary IPs to the SPF > record. you know about fast flux, right?
You are thinking of SPF at the wrong layer. It is a "non-repudiation" tool. When I create an SPF record, I am asserting that anything that matches that policy is my responsibility. Whether you might want to whitelist (or blacklist!) anything matching that policy is a function of my perceived reputation to you. But at least it gives me a clue. There is no reason to send a DSN in response to a message that fails SPF. And there is no reason to accept a message on a whitelist if it fails SPF. -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com
signature.asc
Description: This is a digitally signed message part