Stephane Bortzmeyer wrote:

>> if someone publishes -all and gets important mail bounced
>> s/he can still decide to remove/change -all

> I agree. This is a local policy issue.

Yes and no. Yes, s/he can still decide to do something. But
I'd never remove or change a -all, there are better options.
Like using an alias of my address not covered by the sender
policy. But so far I never had this problem. But I got about
180,000 bounces and other side effects of forged MAIL FROMs in
six months (03-08).
I'd never remove the -all voluntarily. And apparently no other
user of claranet.de vanity hosts had any problem (the wildcard
was added in May IIRC).

> "SHOULD publish SPF records that end in "-all"
> should be deleted or moved to "Security considerations" with
> a less demanding wording.

It's perfectly okay. SPF without -all is about as efficient as
the new FUSSP RfC 3865 [some remarks about RfC 3865 censored,
because this would cost me the write access to MARID]. So add
whatever CAVEATs and warnings you want, but don't touch this
SHOULD. SPF without -all is a complete waste of bandwidth and
time.

Bye, Frank