hosted gmail did catch some of the spam but not all , into auto junk filter due to some of the weblinks were spammy Colin
On 27 Oct 2015, at 14:18, Ian Smith <ian.w.smith@gmail.com> wrote:
I'm not making any argument about the relation of SPF compliance to message quality or spam/ham ratio. You are no doubt correct that at this point in the game SPF doesn't matter with respect to message quality in a larger context, because these days messages that are not SPF compliant will simply never arrive, and therefore aren't sent.
I'm saying that SPF helps prevent envelope header forgery, which is what it was designed to do. The fact that NANOG isn't checking SPF (and it isn't, I tested) was exploited and resulted in a lot of spam to the list. This wasn't caught by receiving servers (like Gmail's, for example) because they checked mail.nanog.org against the nanog.org spf record, which checked out.
You can argue that envelope header forgery is irrelevant, and that corner cases don't matter. But I think this latest incident provides a good counterexample that it does matter. And it's easy to fix, so why not fix it?
-Ian