On Mon, 28 Jun 2004, Chris Drake wrote:
Meng: you need to tell people in your spec that "softfail" will cause
all baysian-equipped email clients (inc. all mozilla/thunderbird/etc
ones) to silently eradicate legitimate emails. In other words - state
in the strongest possible terms that softfail is a BAD IDEA, and that
the full "fail" is the only acceptable way for legitimate senders to
know that their email did not reach their recipient.
Those who cannot tolerate false positives should NOT be using bayesian
filtering at all. However, I agree that REJECTing rather than silently
trashing is the proper response in case of softfail. This is easy to do
if all filtering is done in the MTA. (I use a sendmail milter to
both check SPF and do bayesian filtering.)
When content filtering is done later, this is more difficult. So let
me ask you, in case of content filtering rejecting a message after SMTP that is
SOFTFAIL for SPF, should it be bounced (potentially spamming the
domain in case of forgery) or trashed (potentially losing legit mail)?
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.