[Greylist-users] SMTP server pools

William Blunn bill--greylist at blunn.org
Tue Sep 14 10:10:11 PDT 2004

> AOL is a great example of a case where it would make sense to alter the
> behavior of greylisting based on SPF records. AOL publishes an SPF record
> that explicitly lists most of their subnets (I used it as a starting
> point for my whitelist) but they also cover some of their hosts using
> a rule that says "anything in the mx.aol.com domain is okay." That
> rule isn't easily expressed as a simple IP-based whitelist.
> It's my expectation that, especially now that SPF looks like it's on
> its way to being blessed by the IETF, all the large ISPs that use pools
> of mail servers will be publishing SPF records in fairly short order.
> Making use of that information where available seems like a no-brainer
> to me.

I don't see how SPF interacts with greylisting.

I thought that an SPF test on an incoming delivery attempt would tell
you one of the following:

(a) don't know

(b) the sender is forged

(c) the sender is legit

If the SPF test is inconclusive, then you will want to do a greylist check.

If the sender is forged, you will probably want to reject the message.

But if the SPF test says that the sender is legit, that doesn't mean
message isn't spam.  You will still want to do a greylist check.

Could Spammers not set up valid SPF records that relate to servers they
are sending from?


More information about the Greylist-users mailing list