Re: return of SOFTFAIL

I do think the softfail is a better thing to have than merely theunknown, and fail. I'm pretty sure of my mailing habits, but wanted tomake sure. However, Unknown means that you really just messed up therecord, in the end. I think it's effectively equivalent to not havingthe SPF header, in some ways.

What *would* be nice is some way for the domain controller to tell howmuch email from their domain is softfailing. I don't think it'spossible, but maybe a message to the user saying the mail went through,but that their SysAdmins where not happy with their SMTP server choice.Is it possible with the patches to do a soft bounce, similar to themessage when you can't reach a machine for 4 hrs? I think that mightbe the only way to get the info back to the sysadmins.

Obviously the recieving party will have the data of the softfaill. Howdo we get it back to the domain owners? Would a soft bounce to theoriginal email get the user to talk to the SA?

Ideally, we might be able to get the softbounce to generate a messageto a standard email address at each site, like spfbounce(_at_)example(_dot_)com,if you use the soft fail. You can choose not to get the emails by notusing the ~. If you use +,?, or -, you get no email.

~ should get us the statistics, and more importantly the headers of theSMTP servers that are users are using.

(AOL might not do it, but it might be useful to some of the rest of us,to test the whole system out. Getting AOL would be amazing :-)

So, who has comments for the neophyte on SPF? I've been hearing aboutSPF since LISA (SAGE). It's nice to see it really taking off. Doesany of what I've said really make sense?



Matthew

 --------------------------------
Matthew Barr
mbarr(_at_)datalyte(_dot_)com
Managing Partner
Datalyte Consulting, LLC.
(646) 765-6878    (cell)
On Jan 27, 2004, at 8:11 PM, Meng Weng Wong wrote:

On Wed, Jan 28, 2004 at 12:47:56AM +0000, Dan Boresjo wrote:
| On Tuesday 27 January 2004 11:07 pm, Meng Weng Wong wrote:
| > I'm going to bring back "softfail" so people don't have to choose
| > between "?" and "-" --- "~" will be a happy medium.
|
| As the spec is supposed to be frozen, I hope you are referring toSPF2?
No, I'm afraid this is a change for spfv1.  It's a very minor change
though with very big results.  I want to put SOFTFAIL back in for the
following reasons:

1) I took it out too hastily when Eric Allman questioned its value.

2) If we put it back in, people won't have to choose between "unknown"
   and "fail".

3) AOL will be able to change their record to ~all.
4) We'll then be able to gather much better statistics on expectedfalse
   positives and so on.

5) It lets domains smoothly switch from ? to - by stopping at ~ along
   the way.

6) Wayne talked me into it.
SOFTFAIL means a receiver MTA should still accept the message, butapply
a higher level of skepticism or a higher transaction cost: it should
content-filter it more strongly or (in a universe where hashcash is
available) the receiver MTA could ask the sender to compute some sortof
hashcash.
This change will be backward compatible to all existing publisheddomains.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki:http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePageTo unsubscribe, change your address, or temporarily deactivate yoursubscription,please go tohttp://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡


-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki: 
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage

To unsubscribe, change your address, or temporarily deactivate your subscription,please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡