On Thu, 12 Jul 2012 21:37:36 +0100 Martin Gregorie <mar...@gregorie.org> wrote:
> True enough. I just wanted to provide a concrete example of extra > stuff the plug-in could do and why that could be useful. It hadn't > occurred to me until just now that SPF_PASS can be triggered by > slovenly and/or careless SPF configurations as well as by careful > set-ups and that this fact prevents you assigning any spam-related > value to an SPF_PASS indication and reinforces my argument about SPF > being useful against backscatter and not much else. SPF has *never* been advocated as an anti-spam measure by the people who developed it. And looking for +all or ?all is not enough; you can easily simulate +all with ip4:0.0.0.0/1 ip4:128.0.0.0/1 or countless other combinations. So I think my stance will be proven correct: In general, one should only ever penalize domains for failing SPF. You should never treat an SPF "pass" as something good except for specific trusted domains. Regards, David.
