On Tue, Nov 07, 2006 at 04:24:59PM +0900 or thereabouts, Georgi Georgiev wrote:
> I ain't no dev, but how is this trivial? A typical scenario is: a
> gentoo-dev sends an e-mail to a mailing list (a non-gentoo mailing
> list) and that mail gets nuked by a greedy spam filter because the SPF
> rules exclude (oh well, "do not specifically include") the server that
> forwards the mailing list message.

I'm not trying to pick on Georgi, but can we please be realistic about the
true impact of this? So far, we've identified one application
(SpamAssassin) that incorrectly interprets a neutral SPF record. As a
result, it adds 1.1 to the overall SA score.

Different people have different thresholds for spam filtering, surely, but
nobody in their right mind is going to start dropping mails with a positive
score of 1.1. The default out of the box is (I think) 5.5. So the message
is still marked as 80% clean. Even if you want to be ultra aggressive and
drop mail based on a score in the 3-ish range, this SPF issue still won't
even get the message a third of the way towards hitting that threshold.

--kurt