McDonald, Dan wrote:
> On Wed, 2009-04-08 at 23:49 +0200, mouss wrote:
>> Matus UHLAR - fantomas wrote:
>>> Even if that record would be listed in SPF?
>>>
>> SPF again? Any spammer can buy a domain and add arbitrary IPs to the SPF
>> record. You know about fast flux, right?
>
> You are thinking of SPF at the wrong layer.

No, I am not. I was saying that the fact that one sets up an SPF record
doesn't mean he can use generic hostnames. Maybe I was too "concise".

> It is a "non-repudiation"
> tool. When I create an SPF record, I am asserting that anything that
> matches that policy is my responsibility.

Unfortunately, this is not the general case. Or more precisely, people
claim responsibility too easily.

Yes, I do use SPF "statically" (static whitelisting of IPs after I
checked their info, or via whitelist_from_* in SA).

> Whether you might want to
> whitelist (or blacklist!) anything matching that policy is a function of
> my perceived reputation to you.
>
> But at least it gives me a clue. There is no reason to send a DSN in
> response to a message that fails SPF. And there is no reason to accept
> a message on a whitelist if it fails SPF.
>

I don't check SPF at SMTP time, so it is theoretically possible that I
return a bounce (disk full or so), but this shouldn't happen. And if it
does, it will be fixed, without regard to SPF.

The rationale is:
- "bad" bounces shouldn't be sent even if the domain has no SPF record
- if things are done "right", bad bounces should rarely occur.