In
<222BE5975A4813449559163F8F8CF50379005B(_at_)cohsrv1(_dot_)cohaesio(_dot_)com>
"Lars Dybdahl" <ldy(_at_)cohaesio(_dot_)com> writes:
quote from draft:
If a loop is detected, or if more than 20 subqueries are triggered,
an SPF client MAY abort the lookup and return the result "unknown".
Isn't this way too relaxed?
If you use SPF to protect the trust in your domain, it is important that
a small misconfiguration doesn't result in a lost SPF protection.
[...]
In other words, the draft should be changed to:
"If a loop is detected, or if more than 20 subqueries are triggered,
an SPF client should ignore further subqueries and proceed to
Interpret the rest of the SPF record without the subqueries."
I disagree with this very strongly. While everyone can have
differences of opinions here, I think that the vast majority of people
would rather have email delivered with an "unknown" SPF result rather
than having valid email rejected. SPF is designed to be "fail-safe".
That is, if something is wrong, things should fall back to the way it
would be if there was no SPF record published.
-wayne