Michael Py wrote:
Consider the following strategy:
1. Encourage everyone to publish -all. Now.
2. Discourage everyone to reject on -all until SRS/DAVE happens.
David McNett:
I dislike this plan because it steals my ability to use -all. I have
no forwarding concerns for my domains and I *want* people to be
treating my SPF records as gospel. Without an -all-i-really-mean-it
option, SPF is crippled for people who don't have concerns over
forwarding/SRS issues.
I think Michael intended rule #2 to exclude smaller installs with just a few
users who don't have any e-mail being forwarded to them. I'm pretty sure his
recommendations are for larger organizations (like ISPs or large corporations)
who don't really have a handle on what exactly their users are doing with the
accounts. Those are the installs that need to be careful about accidentally
blocking someone's forwarding.
Michael R. Brumm