-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Douglas
Otis
Sent: Thursday, July 21, 2005 1:18 AM
Subject: Re: [spf-help] Re: SPF and SenderID
I would say there is another option that should be considered. Not
publishing SPF records. Many recipients are rejecting '~' and '?' which
creates an immediate problem for the sender with forwarding issues that
depend upon this exploited feature.
I'm curious what the basis for this statement is. Do you have statistics?
As a domain owner that relies entirely on shared MTAs, many of which are
vulnerable to cross user forgery, almost all mail that comes from my domain
(including this message) gets a Neutral ("?") result. It's been this way
for more than a year. So far, I've had one mail rejection as a result. I
contacted that person via another channel and they thanked me for pointing
out that they had set up their system wrong. Based on my experience, I
would say that no one is rejecting mail due to a Neutral result.
In addition to my personal experience, I also help handle submissions to the
SPF web site. In the approximately 1,000 submissions we've had in the last
6 months there haven't been ANY that were caused by a Neutral rejection. If
this were a common phenomenon, I believe that people would be complaining.
WRT to softfail ("~"), it's a little different, there we are seeing
submissions that relate to rejections on a softfail result. The numbers are
small (I find 15 out of 1,073), but it does happen. This is also entirely
unrelated to the question of should a domain owner that is using a shared
server that has the potential to be subject to cross-user forgery give a
Neutral result. I thought that was the topic we were on.
I've done this for a long time and it works for me.
Scott Kitterman