spf-discuss

SPF reporting mechanism

2003-10-25 20:41:55
If this has already been addressed, please let me know.  I read the
documentation but didn't see anything like this.

I like the idea of SPF, but I think the transition from softdeny to deny
is going to be problematic.  There are going to be lots of failures at
that point.  For our domains, it's going to be difficult to ensure that
all the legitimate sending computers are configured correctly before
switching over.  This will either delay the transition to deny mode, or
will create problems that I won't find out about until something breaks.

To help out I'd like to see SPF add an optional reporting directive.
This directive would indicate to MTAs on the internet that I want
an email report when someone tries to forge a sender in my domain.
In this report I'd like to see the sender and recipient addresses and
the IP address of the SMTP client.

What this would allow me to do is first set up SPF in softdeny mode, then
start monitoring for these reports.  As I see forgery reports coming in,
I should be able to determine if these are legitimate senders who are
misconfigured, and fix these problems.  After monitoring for a while
and fixing any problems found in the reports, I would be confident that
I could switch the domain to deny mode.  I think such a feature would
help speed up the transition to SPF deny mode, not just for me, but for
many administrators.

This feature could also help track down or prevent more forgeries.
Someone may be less inclined to attempt a forgery if they know that the
administrator of the sender domain will be notified - someone who is
probably more interested in pursuing them than the recipient.

The reporting directive would look something like this:

    report(_at_)[remainder garbled in the archive]

When an MTA sees this directive in a domain's SPF record, and gets a
forged sender in that domain, it will generate a report to this address
letting the administrator know of the forgery.

Of course this feature could cause problems for the MTA, especially if
there are bad administrator addresses listed or if there is a very large
volume of forgeries.  I'd make implementation optional - the MTA doesn't
have to do this, or could cut off the reports in any way it sees fit.
The MTA could batch these up and only send one report to each address
per day.  Also, it might be a good idea to force reporting addresses
to be in the same domain where they are listed to ensure that reports
aren't sent somewhere bogus.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.txt
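
The safeguards proposed in the message above (a reporting address restricted to the publishing domain, one batched report per address per day, and the MTA's freedom to cut reports off), sketched from the receiving MTA's side as an added example that is not part of the original post or of any SPF draft. The `report=<address>` syntax, whitespace-separated terms, the per-day event cap, and all names and sample values are assumptions.

```python
# ASSUMPTION: the directive is written "report=<address>"; the syntax in the
# original post is unreadable in the archive, so this form is hypothetical.
DIRECTIVE = "report="
SAMPLE_RECORD = "v=spf1 a mx report=postmaster@example.com"  # constructed sample


def report_address(spf_record, domain):
    """Return the reporting address, or None if absent or outside `domain`."""
    for term in spf_record.split():
        if term.lower().startswith(DIRECTIVE):
            addr = term[len(DIRECTIVE):]
            local, sep, host = addr.rpartition("@")
            # Same-domain rule from the post: never send reports to a third party.
            same = host.lower().rstrip(".") == domain.lower().rstrip(".")
            return addr if (sep and local and same) else None
    return None


class ReportQueue:
    """Collect forgery events; emit at most one report per address per day."""

    def __init__(self, max_events=100):
        self.max_events = max_events  # cap so a flood cannot grow the queue
        self.pending = {}             # (address, day) -> list of events
        self.dropped = {}             # (address, day) -> events over the cap

    def record(self, spf_record, domain, sender, recipient, client_ip, day):
        """Queue one failed check; False means nothing will be reported."""
        addr = report_address(spf_record, domain)
        if addr is None:
            return False              # no directive, or address rejected
        key = (addr, day)
        events = self.pending.setdefault(key, [])
        if len(events) >= self.max_events:
            self.dropped[key] = self.dropped.get(key, 0) + 1
        else:
            events.append((sender, recipient, client_ip))
        return True

    def flush(self, day):
        """Build one report body per address for `day` and clear its entries."""
        out = {}
        for key in [k for k in self.pending if k[1] == day]:
            lines = ["sender=%s recipient=%s client-ip=%s" % e
                     for e in self.pending.pop(key)]
            skipped = self.dropped.pop(key, 0)
            if skipped:
                lines.append("%d further events omitted" % skipped)
            out[key[0]] = "\n".join(lines)
        return out
```
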

