Milter-greylist

> Unless it was a SPF Record for our own domain.  ;)  My incoming server
> gets email from domains that are also authorized to send email from my
> IP Address.  

Well, what's the point of doing a SPF lookup for them? They should be
whitelisted earlier in the ACL.

> Alternatively, you could let the user pick a secret IP Address.  It 
> could be their IP Address, a random IP Address, or the IP Address of a
> unassigned IP Address in China.  This is probably a better idea.

Or a user-configurable netblock in which the address will be randomly
selected...

I've written the code for checking any SPF status in an ACL clause, and
the self-SPF case described above. Anyone has a SPF testbed to testdrive
it?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...