[Mimedefang] Integrating SPF...
Alan Premselaar
alien at 12inch.com
Tue Mar 29 23:55:47 EST 2005
John Von Essen wrote:
[snip]
> I am looking into SPF plugin for SA now. Does anyone know how it handles
> domains with no SPF record? I would assume that if no SPF exists, then
> forgeries are not penalized for that domain. Just need to make sure
> before I turn this plugin "ON" in production.
>
basically SA handles SPF in the following way (from my experience):
if SPF is non existant, no SPF rules fire
if SPF is existant and softfails, an SPF_SOFTFAIL rule fires with very
few points
if SPF is existant and hardfails, an SPF_HARDFAIL rule fires with
slightly more points
if SPF is existant and passes, an SPF_PASS rule fires with fairly low
negative points
overall, the SPF scoring is low enough to have *very minimal* impact and
is not designed to be used for rejection based on SPF.
> One other thing (feel free to email me off list), what is the difference
> between Sender ID and using SPF records? Or are they the same thing....
> I like SPF, I like the fact that you control it within your own domain
> via your DNS server. When I hear Microsoft talk about Sender ID I get
> nervous, I envision some type of paid subscription to be listed on some
> central repository that Microsoft controls!
I haven't been following the progress of Sender ID, so I can't offer you
any information about it. sorry.
HTH
alan
More information about the MIMEDefang
mailing list