In <404B439C(_dot_)4020309(_at_)gladstonefamily(_dot_)net> Philip Gladstone
<philip-spf(_at_)gladstonefamily(_dot_)net> writes:
I view SPF as returning information about the probability that sending
email to the return-path address will actually reach the sender of the
message.
I disagree with this view that SPF is about the probability that the
return-path will get back to the sender. The SPF spec is pretty clear
that it is about being authorization. If someone sends email from an
unauthorized source, bounces may well get back to the sender, but SPF
checks will still fail (if that's what the domain owner wants).
In this view, if the sender's domain does not exist, then there is no
chance that sending email to that address will work. Hence the
rationale for 'fail'.
I can understand this rationale, but I think only the domain owner
should be able to say if the IP address is authorized or not.
Local policies of the receiving MTA can decide whether to accept or
reject the email. This may depend on the result of the SPF check,
but it will likely depend on many other things also.
-wayne