Keith Moore wrote:
nobody is expected to pay any attention to SPF as a matter
of compliance with 2821. SPF is pretty much a joke.
Then let's move RFC 3834 and a bunch of draft standards to
"historic" because they rely on an envelope sender address
indicating the originator.
SPF PASS guarantees that a bounce to an alleged envelope
sender address cannot hit an innocent bystander. SPF FAIL
guarantees that the alleged sender is not the originator.
In both cases if it is not correct it's the problem of the
sender to fix it, nobody is forced to publish policies.
And receivers are not forced to check SPF if they possess
a good crystal ball to distinguish a forged envelope sender
address from a good reverse path.
But if their crystal ball degenerates into "90% of mail is
spam, most spam uses forged envelope sender addresses, and
therefore sending DSNs makes no sense" it cannot work, SMTP,
RFC 3834, MDNs, reduced to "maybe the mail made it or not,
to find out use jabber or the phone". That is broken.
If they can't send NDRs to XXX they better don't accept
mail from XXX, otherwise they run into problems with the
yes, but "can't send NDRs to XXX" is not the same thing as
only having an IPv6 path. because any sane mail admin will
know that having a way to deliver mail via IPv4 (and for
that matter, to accept mail via IPv4) is a practical
A hopefully sane poster on this list insisted on having an
AAAA SMTP without MX. And while you might think that over
a million SPF FAIL domains including ietf.org are a joke, one
SPF supporter here can't tell if he could reach Bill's IPv6
SMTP on any available route. I hope Gmail or GMX can reach
his IPv6 SMTP, directly my box can't. BTW, GMX is one of the
SPF FAIL jokes, GMail limits itself to SPF PASS, I can't tell
which is the bigger email provider in Germany.
IETF mailing list