On 7/5/2010 1:10 AM, Kelson Vibber wrote:
On Jul 4, 2010, at 11:57 PM, Marc Perkel wrote:
It's not even useful for white listing as spammers can set up SPF too.

That's not how whitelisting on SPF works.

You don't whitelist *solely* on the presence of SPF.

You whitelist the *combination* of a domain that you want and a positive SPF 
match.

Let's say you want to whitelist mail from example.com, and you don't want to 
worry about keeping track of their outgoing servers. You set up whitelisting 
using SPF such that...

1. Mail from example.com that doesn't pass SPF =>  neutral, go through normal 
filtering
2. Mail from example.com that DOES pass SPF =>  whitelisted
3. Mail from random spammer's domain that passes SPF =>  neutral, go through 
normal filtering

Multiply steps #1 and #2 by however many domains you want to whitelist, and 
it's a lot more convenient than keeping track of all their IP addresses 
yourself, especially if they have a lot of them or change them from time to 
time.

That's how SpamAssassin uses SPF to whitelist mail.  (See the docs for 
whitelist_from_spf and similar rules.)  Notice that it really doesn't matter 
whether spammers set up their own SPF rules.

Actually, you could make use of spammers' SPF records in some circumstances by 
adding a fourth possibility:

4. Mail from known spammer's domain that passes SPF =>  blacklisted

OK, that fourth possibility isn't likely to crop up very often, but it's still 
taking advantage of spammers using SPF...which, once again, doesn't interfere 
with SPF's usefulness as a component of whitelisting.



BTW - does anyone have some big list of domains that when combined with SPF make a good white list?

--
Marc Perkel - Sales/Support
supp...@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400
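
The four-case policy discussed in this thread, as an added example that is not part of the original messages and is not SpamAssassin's own code. The domain lists, the `sample` helper and the message text are constructed, and it assumes the receiving MTA strips any inbound Received-SPF header and prepends its own (RFC 7208 format).

```python
import re
from email import message_from_string

WHITELIST = {"example.com"}    # domains you want (constructed)
BLACKLIST = {"spammer.test"}   # known spammer domains (constructed)

_RESULT_RE = re.compile(r"^\s*([A-Za-z]+)")
_ENVELOPE_RE = re.compile(r'envelope-from="?<?([^\s";>]+)', re.I)

def spf_verdict(raw_message):
    """Return (spf_result, envelope_domain) from the topmost Received-SPF header."""
    header = message_from_string(raw_message).get("Received-SPF")
    if header is None:
        return ("none", None)
    result = _RESULT_RE.match(header)
    sender = _ENVELOPE_RE.search(header)
    # SPF authenticates the envelope sender (MAIL FROM), not the From: header,
    # so the list lookup must use the envelope-from domain.
    domain = sender.group(1).rsplit("@", 1)[-1].lower().rstrip(".") if sender else None
    return (result.group(1).lower() if result else "none", domain)

def classify(raw_message):
    """Apply the thread's cases: only domain AND SPF pass together change the outcome."""
    result, domain = spf_verdict(raw_message)
    if result != "pass":
        return "neutral"       # case 1: listed domain without a pass gets no credit
    if domain in BLACKLIST:    # exact match, so "notexample.com" never hits a list
        return "blacklisted"   # case 4
    if domain in WHITELIST:
        return "whitelisted"   # case 2
    return "neutral"           # case 3: a pass for an unlisted domain means nothing

def sample(result, sender):
    """Build a constructed message carrying a Received-SPF header."""
    return (f"Received-SPF: {result} (mx.receiver.test: domain of {sender}) "
            f'receiver=mx.receiver.test; client-ip=192.0.2.1; envelope-from="{sender}";\n'
            f"From: {sender}\nSubject: test\n\nbody\n")

if __name__ == "__main__":
    for res, who in [("fail", "a@example.com"), ("pass", "a@example.com"),
                     ("pass", "x@random-sender.test"), ("pass", "x@spammer.test")]:
        print(res, who, "=>", classify(sample(res, who)))
```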
