I think Markus misses the main point of the OP. The question of the OP is not whether SPF is a good or bad idea in general.

The question is whether its reasonable to add a blacklisting entry for the server IP if you receive a single mail with a non-matching SPF record (ie, server with IP a.b.c.d not covered by the SPF for foo.com). 

My take on this is that this blacklisting behaviour is entirely unreasonable. 

And I agree that it’s questionable why anyone should use a list with such unreasonable listing practices (apart from their extortion practices). Unfortunately the burden is first shifted not onto the admins responsible for such stupid decisions, but on the sending party who must wade through massive layers of ignorance and denial.

— Matthias

Am 08.10.2020 um 09:14 schrieb Markus Wild <swinog-list@dudes.ch>:

Hello Urs,

My take on your problem is the following:
- SPF is bad and breaks mail delivery, don't use it. But, if someone defines SPF records, and they thus declare they
 want to shoot themselves into their feet, by all means, I encourage to block mails failing SPF, because that's what
 domain owners who define SPF records ask for.
- everyone can setup blocking lists defining the oddest criteria for when an entry gets added. Someone in charge of a
 mailserver can decide based on his criteria, and his alone, what mails he wants to receive and what mail to reject.
 He can use whatever resources he wants, including bogus lists such as uceprotect. But, it would be prudent to inform
 yourself about what exactly you enable before you do so...
- now, if someone deploys antispam gateways such as those from Sophos, and decides to just click "enable all block
 lists" or however that menu looks like, and with this enables lists such as uceprotect, then that person just cut
 their company off from a lot of valid mail. If he wanted to do that, it's his decision, but usually it helps to teach
 those admins about the errors of their ways, instead of blaming the list provider.
- I personally consider uceprotect to be a rogue list with utopian views on how mail service works. Their unlist policy
 could be considered extortion, but the really responsible party is whoever enables such a list on their servers.

just my personal views:)

Markus


_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog