On 2015-07-09 15:07, Dianne Skoll wrote:
Just as SPF "pass" is a mild spam indicator nowadays
Huh? Last I looked, somewhere near 80% of my legitimate mail flow passes SPF. It wouldn't shock me if this has gone higher.
While a lot of spam does too, SPF:PASS alone doesn't really mean anything, but rather, it should be used as a way to indicate that the mail comes from an IP authorized to use the domain in question (or not). SPF FAIL/SOFTFAIL is often a bad sign (it either indicates forgery OR misconfiguration, so you can treat it with suspicion), but SPF PASS is meaningless on it's own.
I'd suggest that SPF:PASS means you can rely on domain based logic (trusts/whitelists/reputation) rather than only IP based logic, allowing you to safely whitelist "example.com" without guessing what IPs example.com uses (and might use tomorrow.)
-- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren
