In <59A5A8E4-7D2F-11D8-BA10-000393DB5366(_at_)cs(_dot_)utk(_dot_)edu> Keith
Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> writes:
for instance, I don't think it would be acceptable to silently drop
messages on the basis of an SPF record, because the problem could
actually be a configuration error rather than malice or deceit.
The intent of SPF is that you *wouldn't* silently drop email on a
failure, but rather issue an SMTP 5xx rejection (or 4xx on DNS
failure).
The intent of SPF is that, if the check passes, you can safely send
bounces to the envelope-from. SPF is also designed to be light-weight
enough to be run in the MTA in most cases, and flexible enough so that
you can do a certain amount of per-user validation if you want.
I really don't want to see the must bounce rule relaxed. There are
already too many times that spam-filters silently discard legitimate
email, it would be nice if more of that email could be safely bounced.
-wayne