Personally, I find SPF pretty much useless. Yes, you can use
it to score some mail, but implementation is not very
widespread, so you either have to go hard-core and reject, or
accept the mail anyway, in which case, why bother?
What's "hardcore" about rejecting mail from addresses that are in
violation of published SPF records?
Chris

Thu, Aug 17, 2006 at 10:46:00AM -0600, Chris Blaise wrote:
Personally, I find SPF pretty much useless. Yes, you can use
it to score some mail, but implementation is not very
widespread, so you either have to go hard-core and reject, or
accept the mail anyway, in which case, why bother?

What's "hardcore" about rejecting mail from addresses that are in
violation of published SPF records?

The interesting question about any individual piece of
mail is, ``does the addressee want to receive it?'', not,
``through which server/s has it passed, and are they
controlled by the owners of the sending domain?''. SPF may
tell you the answer to the second question, in some cases;
this may give you evidence about the answer to the first,
but you certainly can't in general determine the answer to
the first question from the answer to the second!

Sorry for the delay, I was on holidays.
Regarding the SPF, I must have expressed myself wrongly (my english is not
good at all). I do not want to reject all the mails that do not follow the
SPF, rather the opposite.
I would like all the mails that follow the spf to be automatically accepted
withiut needing to pass through the greylist. The SPAM and non-identified
e-mail would still be managed by the greylist before coming to my mailbox.
That way I would increase the delivery og e-mails coming from big firms like
Gmail, yahoo, MSN at least that's what I think.

And I can't configure exim to do just that! My spf test lets all the e-mails
through, which is not what I want it to do.

Either way, your debat encourages me even more to install SPF on all my mail
servers.

Thu, 2006-09-07 at 08:07 -0700, aurelien wrote:
Regarding the SPF, I must have expressed myself wrongly (my english is not
good at all). I do not want to reject all the mails that do not follow the
SPF, rather the opposite.
I would like all the mails that follow the spf to be automatically accepted
withiut needing to pass through the greylist.

this may be a bad idea. the spammers were the first to configure SPF
for their servers

07/09/06, Kjetil Torgrim Homme <kjetilho (AT) ifi (DOT) uio.nowrote:
Thu, 2006-09-07 at 08:07 -0700, aurelien wrote:
Regarding the SPF, I must have expressed myself wrongly (my english is not
good at all). I do not want to reject all the mails that do not follow the
SPF, rather the opposite.
I would like all the mails that follow the spf to be automatically accepted
withiut needing to pass through the greylist.

this may be a bad idea. the spammers were the first to configure SPF
for their servers

Correct. If you check SPF, you shouldn't regard an SPF Pass by itself
as an indication of the desirability of the mail - it's simply a data
point to add to the others.

An SPF Pass combined with a whitelist reputation system, however, can
be useful to use to bypass further checking on mail that SPF tells you
has definitely come from an organisation that your whitelist tells you
that you should trust. AL does this, for example.

Equally, if SPF tells you that a mail has definitely come from someone
on your blacklist, you've more evidence for blocking it.

Peter

Right now each SPAM received on my various mailboxes (or hosts) do not
correspond to the SPF norm. That is why I want to use SPF to make a first
selection.
Do you have other solutions to SPEED UP the receiving of mails without
losing too much and without using a lot of resources?