On Tue, Sep 21, 2004 at 04:53:11AM +0200,
Frank Ellermann <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> wrote
a message of 73 lines which said:
Maybe I'd even implement it this way, if a sender policy has no word
starting with a "-" or a "redirect" stop the evaluation as waste of
time (yes, that violates several MUST in protocol-03, but I could do
it before calling check_host()).
Anyone can implement stupid policies on his own site. One can add an
implicit -all at the end, he can assume a "a/24 mx/24 -all" if there
is no SPF record, he can reject SPF records that are too lax
(ip4:0.0.0.0/0), he can use a badly-managed blacklist, he can have
frivolous requirments (like asking for a PTR record), etc. That's the
freedom you have on the Internet. You are never forced to accept mail,
you can require any criteria you want.
But it is one thing to have this freedom and it is another thing to
ask for a sanctification of these stupid policies in a RFC on the
standards track.
SPF started in January 2004, and so far the number of unexpected
side-effects appears to be minimal.
Because very few domains publish SPF and even less test it (and it is
often for information only, without rejections). And the current users
are quite knowledgeable about email. When SPF will become widely
deployed, you will see the "unexpected side-effects".