ietf-smtp

RE: Concluding the SPF and Sender ID experiments

2009-02-26 10:59:15

Comments inline

-----Original Message-----
From: owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org]
On Behalf Of SM
Sent: Thursday, February 26, 2009 10:05 AM
To: Hector Santos
Cc: ietf-smtp(_at_)imc(_dot_)org
Subject: Re: Concluding the SPF and Sender ID experiments


Hi Hector,
At 05:28 26-02-2009, Hector Santos wrote:
I don't see the logic connection.

The first part of the comment was about the note.  That note mentions
how the two experiments can affect each other.  It goes on to say
that the heuristics could be applied incorrectly.

A SPF hard fail result is a strong indicator that the DOMAIN wants a
rejection - no guessing, no 2nd thoughts.


+1

There was a comment about phishing and that receivers use the
pass/fail from SPF1 tests as a strong indicator to assess the
validity of the message.


No, what I meant (or intended to communicate) is that testing in
conjunction with receivers has shown a very high correlation between
phishing emails and SPF failures where the abused domain has published a
strong SPF record (ending in -all). 

For us, the whole point of SPF1 is not to use heuristics at the SMTP
level.


No heuristics. If a domain publishes a record using "-all", they are
indicating that mail not originating from the hosts indicated didn't
originate from them. IBM publishes a simple -all for ibm.com. That is a
statement that if you receive connections for mail (Mailfrom) purporting
to be from the domain ibm.com it isn't their mail.

It is used for heuristics at the 5322 level.

But hard fail at SMTP transport level? ---> REJECT!

+1

Systems that ignore the hard fail policy of a domain are just
creating problems for domains that desire it by watering down the
effect.


+1

Do these domains publish v=spf1 and spf2.0 records?

Mine do but the spf2.0 is just to specify mfrom to avoid the use of PRA
against our domains.
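
An added example, not part of the original message: Python that selects the published policy a receiver would apply to the MAIL FROM and PRA identities, showing how a `-all` record yields a hard fail and how an `spf2.0/mfrom` record published next to `v=spf1` leaves nothing for a PRA check to evaluate. It assumes the RFC 4406 compatibility rule (a `v=spf1` record is read as `spf2.0/mfrom,pra` only when no `spf2.0` record exists); the records are constructed, and the function names are hypothetical.

```python
# Constructed sample TXT record sets using a documentation address range.
SPF1_ONLY = ["v=spf1 ip4:192.0.2.0/24 -all"]
BOTH = SPF1_ONLY + ["spf2.0/mfrom ip4:192.0.2.0/24 -all"]

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
ALL_TERMS = ("all", "+all", "-all", "~all", "?all")


def parse(txt):
    """Return (scopes, default_result) for an SPF/Sender ID record, else None.

    scopes is None for v=spf1 and a set such as {"mfrom"} for spf2.0.
    """
    terms = txt.lower().split()
    if not terms:
        return None
    if terms[0] == "v=spf1":
        scopes = None
    elif terms[0].startswith("spf2.0/"):
        scopes = set(terms[0][len("spf2.0/"):].split(","))
    else:
        return None  # unrelated TXT record
    for term in terms[1:]:
        if term in ALL_TERMS:
            # A bare "all" carries the implicit "+" qualifier.
            return scopes, RESULT[term[0] if len(term) == 4 else "+"]
    return scopes, "neutral"  # no "all" term (redirect= is not followed here)


def default_result(txts, scope, sender_id):
    """Result for a client that matches no mechanism before "all".

    scope is "mfrom" or "pra"; sender_id=False models a classic SPF check.
    """
    records = [r for r in map(parse, txts) if r]
    spf1 = [res for scopes, res in records if scopes is None]
    spf2 = [(scopes, res) for scopes, res in records if scopes is not None]
    if sender_id and spf2:
        # Any spf2.0 record switches off the v=spf1 fallback for Sender ID.
        chosen = [res for scopes, res in spf2 if scope in scopes]
    elif sender_id or scope == "mfrom":
        chosen = spf1
    else:
        chosen = []  # classic SPF defines no PRA check
    return chosen[0] if chosen else "none"


if __name__ == "__main__":
    for name, txts in (("v=spf1 only", SPF1_ONLY), ("v=spf1 + spf2.0/mfrom", BOTH)):
        print(name, "| SPF mfrom:", default_result(txts, "mfrom", False),
              "| Sender ID pra:", default_result(txts, "pra", True))
```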