On Sat, 1 Jan 2005, Nick Phillips wrote:
It's your point 1 here that I think is misplaced. A PASS is not saying that
mail coming from that server with your domains on it is really yours, it's
saying that it could be, as that server is authorised to send mail from
I disagree. A NEUTRAL says that it could be yours. A PASS says that to the
best of your knowledge and ability (i.e. assuming your servers weren't hacked,
etc), the mail is yours. If your mail might go out via other ISPs without
meaningful authentication (i.e. that prevents cross customer forgery),
then they should be listed with '?'.
For instance, since some family members send mail through their ISP,
my family domain looks like this:
gathman.org text "v=spf1 mx:bmsi.com ?ptr:cox.net ?include:earthlink.net -all"
Any domain that gets a PASS, is going to have its spamminess count for/against
that domains reputation. So, if you don't want your domain to get a bad
reputation from the growing reputation services, don't publish PASS unless
you mean it. You can still help prevent forgery by publishing -all and
listing the possible sources for unauthenticated but legitimate mail with '?'.
FAIL causes many SPF implementation to reject the mail, including mine.
SOFTFAIL is generally accepted like NEUTRAL, but may generate a warning DSN or
be subject to more filtering.
NEUTRAL is generally accepted, but not treated as authenticated. For
instance, reputation services will count its spam score against the IP rather
than the domain.
PASS is generally accepted, and the domain is treated as authenticated.
Reputation services will count spamminess against the domain rather than
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.