On Thu, 2012-07-12 at 13:35 +0200, Benny Pedersen wrote: > Den 2012-07-12 09:33, Josef Karliak skrev: > > > "v=spf1 +all". > > if i find a domain with just that i perm reject this domain in mta > without spf testing > That sounds like a good idea. Can the SPF plugin recognise overly permissive settings so they can trigger additional rules?
IOW it would be useful to be able to make a distinction between mail from correctly listed MX servers in a domain, e.g. "v=spf1 MX -all" and mail from a domain that is over permissive, e.g. "v=spf1 +all". My understanding is that both of these will trigger the SPF_PASS rule, which seems wrong. I'd suggest that any SPF record containing '+all' and possibly '?all' too, should trigger an SPF_PERMISSIVE rule rather than SPF_PASS so we can distinguish an authorised server in a tightly controlled domain from servers claiming to be part of a domain that doesn't give a damn. Martin
