On Mon, May 31, 2004 at 09:51:51AM -0500, Seth Goodman wrote:
>> "allow for rejection before data" != "must reject before data"
>> I'd like to make that choice myself, as do many users. Next thing
>> you know there's spf.rfc-ignorant.org listing people who don't reject ...
>> (no, I am not against rfci)
>
> If SPF ultimately does come to pass, I hope that there _is_ a DNSBL such as
> the one you mentioned for systems that don't reject SPF detectable
> forgeries. It would be a perfectly reasonable and self-protective action to
> reject mail from systems that knowingly accept forgeries.

Make it a BL that lists domains _responding_to_ such addresses (any
response, such as but not limited to "Out of Office" and "No such user"),
and I agree with you completely.

Me accepting such a message does not mean you have a problem with it. It is
when I send mail to the non-existing address. Fight the problem, not an
intermediate action please.

To state my feelings: I MUST be able to accept and hold messages that I
will be rejecting in a month or so. There MUST be a possibility to dry
run such an invasive protocol as SPF potentially can be. Brave people
MAY start blocking right away, this MUST NOT be enforced.

Alex