On 08/26/2015 02:07 PM, Valeri Galtsev wrote: > On Wed, August 26, 2015 2:29 pm, Alice Wonder wrote: >> >> >> On 08/26/2015 12:11 PM, g wrote: >>> On 08/26/15 13:11, Valeri Galtsev wrote: >>>> On Wed, August 26, 2015 12:55 pm, James A. Peltier wrote: >>> <<>> >>> something no one seems to have mentioned, so i will.. >>>>> | >> Received: from mx2.loverhearts.com (mx2.loverhearts.com >>> loverhearts.com is a single page that seems to do nothing. and there is > nothing in page source to do anything. >>> validator.w3.org shows 1 error and 1 warning showing that page was > poorly written. >>> so the only harm is spam, which i now have going to my Junk folder. so, > to all of you, i pass along a much more loving 'love' link; >>> http://lovehearts.com >>> enjoy. >> >> If you look at the SPF record for loverhearts.com (where they are coming > from for me) there are a whole slew of servers permitted to send on > their behalf. > > This way you may block good people. SPF records you used are owned by bad > guys: loverhearts.com allows others resend e-mail for themselves, but they > do not need permissions of whomever they add to their SPF records to do > so. In other words, one shouldn't trust anything what is in the records > created by bad guys. No what I mean is - I get e-mail from example.net If example.net has an SPF record, I then check all the IPs in the SPF record against blacklists and if two or more match, I reject the message as spam. That way if the MTA they are using isn't on a blacklist but others they specify in the SPF record are, they get identified as spammer and blocked. It doesn't matter if they add IP addresses to SPF from others, it wouldn't block every IP in the SPF - just check if 2 or more IPs in their SPF are on blacklists. I probably would have to write a custom filter to do that, but it may be worth doing.