spf-discuss

Re: (Not) Possible New Mechanism Prefix

2004-06-27 11:37:10
spf(_at_)kitterman(_dot_)com wrote:
 
> The answer I got was that PASS already means not a forgery.

That's obviously wrong because "v=spf1 +all" is a perfectly
valid sender policy.  Of course it's not very useful, but it
is valid:  "all mailers are allowed to send any MAIL FROM my
domain".

> I read that to mean PASS==Not a forgery.

No, that's wrong.  You have FAIL => forgery (in an ideal world
without Murphy ;-), but you don't have PASS => no forgery.  In
an ideal world you also have "no forgery => no FAIL", but that
is only elementary logic.

> My major concern here is that there is clearly confusion over
> what PASS means.

Yes, that's a side-effect of having SOFTFAIL but no SOFTPASS.

With your idea of adding SOFTPASS we could define something
like PASS == no forgery, but in practice almost nobody could
use it (except from single user systems with a static IP, or
similar constellations).

The problem isn't the missing SOFTPASS but the SOFTFAIL hack:
Actually SOFTFAIL is only for debugging.  Maybe MARID removes
it, it's not really necessary, ? is good enough for "unknown",
nobody needs an additional ~ for "unknown, but probably bad".

At least that's my interpretation, and I wasn't here when the
SOFTFAIL was invented.

> I'd like to see this clearly explained on the SPF web site
> and options added to the wizards to ask people if the MTA is
> shared (I can do HTML, I'd be willing to help).

Adding the option without a corresponding SOFTPASS (for domains
with more than one human user ;-) won't help.

> there are going to be false accusations of spamming against
> legitimate domain owners that they wouldn't have gotten if
> they hadn't published SPF records.

Then their sender policy is too broad, and they should know
what to do with these complaints:  Ask their _own_ provider
to terminate the account of the forger a.s.a.p. (like today,
because tomorrow would be the day when they look for a new
provider with a better AUP).
                              Bye, Frank
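
Added example, not part of the original message: a small evaluator for the `ip4` and `all` mechanisms that shows why a PASS only means "this host is covered by the published policy", while FAIL is the result that points at forgery. The function name `check_host`, the shared-MTA policy and the addresses (documentation ranges) are assumptions made for illustration; only `v=spf1 +all` comes from the message.

```python
import ipaddress

# Qualifier prefix -> result; "+" is implied when a mechanism has no prefix.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(record, client_ip):
    """Evaluate an SPF record limited to the `ip4` and `all` mechanisms.

    Returns the result of the first matching mechanism, "neutral" if none
    matches, or "none" if the string is not a v=spf1 record.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            matched = True
        elif name.lower() == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            raise ValueError(f"mechanism outside this sketch: {term!r}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

# Constructed sample data: documentation address ranges, hypothetical policies.
OPEN_POLICY = "v=spf1 +all"                       # the record quoted in the message
SHARED_MTA_POLICY = "v=spf1 ip4:192.0.2.25 -all"  # one provider relay shared by many users
PROVIDER_RELAY = "192.0.2.25"
UNRELATED_HOST = "203.0.113.77"

if __name__ == "__main__":
    # Any host on the Internet passes under "+all".
    print(check_host(OPEN_POLICY, UNRELATED_HOST))
    # Everyone relaying through the shared MTA passes, whoever typed the MAIL FROM.
    print(check_host(SHARED_MTA_POLICY, PROVIDER_RELAY))
    # Only a host outside the policy yields FAIL, the result that indicates forgery.
    print(check_host(SHARED_MTA_POLICY, UNRELATED_HOST))
    # "?" and "~" give the two "unknown" flavours discussed in the thread.
    print(check_host("v=spf1 ip4:192.0.2.25 ?all", UNRELATED_HOST))
    print(check_host("v=spf1 ip4:192.0.2.25 ~all", UNRELATED_HOST))
```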