Rich Kulawiec <rsk@gsp.org> writes:
On Tue, Oct 27, 2015 at 08:09:00AM -0400, Ian Smith wrote:
This is the part that's been bugging me. Doesn't the NANOG server implement SPF checking on inbound list mail?
Don't know, but it doesn't matter: SPF has zero anti-spam value. (I know. I've studied this in ridiculous detail using a very large corpus of spam/nonspam messages over a very long period of time.) There are much better methods available.
My experience is that it dramatically cuts down on the number of spam bounce messages coming back to the SPF-protected domain. It may be that spammers don't bother sending out spam 'from' SPF-protected domains (that they don't own) but still send the same amount of spam; so it's not an effective antispam technique but it is a good domain reputation preservation technique. ... and thus a suitable topic for NANOG, I guess, rather than a mail abuse list, because it's best use is for domains that send no mail and recieve no mail and don't want anything to do with mail and stil get spam complaints.