Yeah, this is useful for manually maintaining a list of domains for which you want to check spf records and update the whitelist. I.e. domains such as hotmail.com and google.com which fulfill the following requirements:
a) use round-robin sending mailservers
b) are somewhat trusted
I do this with scripts today (including one from you, Daniel :)
/J
* Daniel Ouellet (daniel@presscom.net) wrote:
> Dave Anderson wrote:
>> On Wed, 22 Apr 2009, jared r r spiegel wrote:
>>
>>> On Thu, Apr 23, 2009 at 12:30:28AM +0000, Stuart Henderson wrote:
>>>
>>>> I see a tiny little problem with this method... sometimes people send
>>>> spam from domains whose DNS they control.
>>> +1
>>>
>>> i think part of the success i experience using SPF as a means to create
>>> whitelists is in the fact that i maintain the list of domains i fancy
>>> whitelisting. unfortunately, it would be trivial for someone to take
>>> advantage of an spf-based automatic whitelist to slip right on thru
>>> spamd(8).
>>>
>>> it's a pisser.
>>
>> What might make sense is to alter the script to generate a list of
>> candidates for whitelisting, but only apply any of them after they are
>> manually approved.
>
> Or maybe to allow to actually have a list that the script could check
> against to make the changes, which would achieve the user intended
> results and at the same time eliminating the possibility to have one
> domain adding its own records if that's not restricted.
>
> Like you could create a google.com in the list and that would allow
> connection from google being automatically added via the SPF records,
> but no others would unless you manually add their name to the allow auto
> extension of the SPF name list.
>
> Just a thought, not sure it's the best idea, but that's one way to keep
> it automatic like intended to be used.
>
> Daniel
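
The approach discussed in this thread (SPF expansion restricted to a manually maintained domain list, with every other sender domain held back as a candidate for review) could look like the sketch below. It is an added example, not a script from any poster in the thread. The `lookup` callable stands in for a DNS TXT query, the function names and sample records are constructed, and only `ip4`, `ip6`, `include` and `redirect` are handled (`a` and `mx` are not resolved).

```python
import ipaddress

# Constructed sample TXT records (documentation ranges) standing in for live DNS.
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:_spf.example.com ip4:192.0.2.0/24 ~all"],
    "_spf.example.com": ["v=spf1 ip4:198.51.100.0/25 ip6:2001:db8::/32 include:example.com -all"],
    "spammer.example": ["v=spf1 ip4:203.0.113.0/24 +all"],
}
MAX_DOMAINS = 10  # cap on domains visited per tree, in the spirit of RFC 7208's lookup limit


def spf_networks(domain, lookup, seen=None):
    """Collect ip4/ip6 networks from a domain's SPF record, following
    include: and redirect= with loop and depth protection."""
    seen = set() if seen is None else seen
    domain = domain.lower().rstrip(".")
    if domain in seen or len(seen) >= MAX_DOMAINS:
        return set()
    seen.add(domain)
    nets = set()
    for txt in lookup(domain):
        terms = txt.split()
        if not terms or terms[0].lower() != "v=spf1":
            continue
        for term in terms[1:]:
            term = term.lower().lstrip("+")  # keep only pass-qualified mechanisms
            key, _, val = term.partition(":")
            if key in ("ip4", "ip6"):
                try:
                    nets.add(ipaddress.ip_network(val, strict=False))
                except ValueError:
                    pass  # malformed range: skip it
            elif key == "include":
                nets |= spf_networks(val, lookup, seen)
            elif term.startswith("redirect="):
                nets |= spf_networks(term[len("redirect="):], lookup, seen)
    return nets


def update_whitelist(seen_domains, approved, lookup):
    """Return (cidrs, candidates): networks for approved sender domains only,
    and unapproved domains held back for manual review."""
    approved = {d.lower() for d in approved}
    nets, candidates = set(), []
    for d in (s.lower() for s in seen_domains):
        if d in approved:
            nets |= spf_networks(d, lookup)
        elif d not in candidates:
            candidates.append(d)
    return sorted(map(str, nets)), candidates
```

Domains reached through `include:` from an approved domain are expanded without being on the list themselves, since the approved domain's operator chose to delegate to them.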