SPF and MailScanner

[Kevin Spicer]

On Thu, 2004-01-29 at 18:17, hermit921 wrote:
> I read that SPF (Sender Permitted From) is being incorporated into
> spamassassin 2.70.  Since the idea is to not accept (reject after HELO
> step) any message that fails the SPF test, I conclude SPF can't be used by
> MailScanner.  It can be implemented in postfix, exim, sendmail, etc before
> MailScanner sees the message.  Is this a correct summary?
>
SPF is just another means to help determine the likelihood of a message
being spam or not.  It is true that many sites may eventually want to
use this to block mail, however this is not the only way to use it.
SpamAssassin is likely to use it like they use rbls, as a trigger for a
score.  So you certainly could use it with SA through MailScanner,
although this would not block the mail during the SMTP transaction (but
this is the same decision you take if you use RBLs in SA or MS rather
than your MTA.

That said, if SPF gains widespread acceptance (AOL is testing at the
moment I think, which is a good sign) and proves to be workable then
using it at the MTA level may be considerably more effective than using
RBL's in the MTA, with a much lower incidence of false positives (which
will invariably be caused by bad system administration of the senders
domain).





BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.