| 1 |
On Tue, Nov 07, 2006 at 04:24:59PM +0900 or thereabouts, Georgi Georgiev wrote: |
| 2 |
> I ain't no dev, but how is this trivial? A typical scenario is: a |
| 3 |
> gentoo-dev sends an e-mail to a mailing list (a non-gentoo mailing |
| 4 |
> list) and that mail gets nuked by a greedy spam filter because the SPF |
| 5 |
> rules exclude (oh well, "do not specifically include") the server that |
| 6 |
> forwards the mailing list message. |
| 7 |
|
| 8 |
I'm not trying to pick on Georgi, but can we please be realistic about the |
| 9 |
true impact of this? So far, we've identified one application |
| 10 |
(SpamAssassin) that incorrectly interprets a neutral SPF record. As a |
| 11 |
result, it adds 1.1 to the overall SA score. |
| 12 |
|
| 13 |
Different people have different thresholds for spam filtering, surely, but |
| 14 |
nobody in their right mind is going to start dropping mails with a positive |
| 15 |
score of 1.1. The default out of the box is (I think) 5.5. So the message |
| 16 |
is still marked as 80% clean. Even if you want to be ultra aggressive and |
| 17 |
drop mail based on a score in the 3-ish range, this SPF issue still won't |
| 18 |
even get the message a third of the way towards hitting that threshold. |
| 19 |
|
| 20 |
--kurt |
Archives