zdravko at 5group.com
Tue May 8 16:52:26 CEST 2007
Tor Bendiksen wrote:
> On Tue, 08 May 2007 16:16:56 +0300, Zdravko Stoychev <zdravko at 5group.com> wrote:
>> Hi all! Are there any plans to implement SPF-checks in RC?
> Shouldn't this be a MTA task? Or possibly whatever anti-spam solution used.
Agreed! Even that, RC could check message headers and if SPF: FAIL is
present, then could show warning banner at least? This would be of great
benefit for the end-users. A-la soft of built-in Phishing protection
which is based on headers examination. Same could be done (again
optional) for SpamAssassin headers.
> At least this is the way I use SPF on my servers.
> I can see how it can be beneficial at the MUA level to a degree, but
> it could generate a lot of DNS traffic for every message. Caching
> nightmare either for Roundcube, or the requirement for a local caching
> name server.
> Not something I would like, but perhaps that's just me.
> Perhaps suitable as a plugin, once the plugin API is finished?
>> Could be quite simple to implement using libspf2.so and just one
>> function call.
>> Or just check for Header Fields related to it as "Received-SPF:") in
>> order to notify mail reader about "MAIL FROM:" forgery? Or at least,
>> option to mark messages as spam if SPF: FAIL is detected in the Header.
>> Most of the biggest mail providers as Hotmail, Google etc. and lot of
>> Enterprise/personal mail servers have SPF implemented, including mail
>> servers as Sendmail, MS Exchange, Qmail, Exim, so this is really good
>> thing to have. Microsoft have added support for it with their own RFC
> Could be handy if it was working with the headers. That would add very little
> overhead. Once again, a lot of this could be dealt with at the MTA level.
> Please note that while MS' SenderID is loosely base on SPF, it is not the same.
>> See also:
More information about the Dev