Milter-greylist

A recent discussion somewhere on the net mentioned that
milter-greylist doesn't greylist if a sender's SPF information
validates.  I looked at the archives here and there's some mention of
the topic, but it doesn't go far enough.   <p>

This isn't such a good idea - the problem is that spammers are
increasingly publishing SPF records for their domains.   (And a clever
spammer could advertise ip4:0.0.0.0/0 as his address block, and SPF
would always pass, without giving out any useful information for
blacklist-managers to blacklist.) <p>

It still can make sense to check SPF records, since you shouldn't
whitelist messages if the SPF rejects a message.  Some people have
commented that rejecting messages that fail SPF isn't
milter-greylist's job, and it's probably not - I know sites that use
SPF as "yet another SpamAssassin weighting factor" rather than
outright rejection, though it could be argued than if you're checking
it here anyway, might as well do the rejection here if you're planning
to reject it for everybody anyway.    (On the other hand, if you've
already SPF-checked the sender before checking the greylist, there's
obviously no point...)