spf-discuss

Re: Why SOFTFAIL

2004-06-28 19:53:17
wayne wrote:
 
> The SOFTFAIL result has had a somewhat shaky history, but I
> am a strong supporter of it.
> [...]

Thanks, that was interesting, apparently you wanted it as a
transient step towards FAIL, or as an instrument to convince
hesitant admins.

I still don't like it, for the reasons mentioned by Scott
(why no SOFTPASS if there's a SOFTFAIL) and Chris (SOFTFAIL
could be interpreted as "let the user delete it").  And if I
look into the new draft-ietf-marid-core-01.txt there are now
seven values "none", "pass", "fail", "softFail", "neutral",
"transientError", "hardError".

That's confusing, maybe it's an overspecification.  Why not
simply "error", and let the implementation decide what to do
with this situation ?

And if you compare 6.3 SOFTFAIL vs. 6.4 NEUTRAL, they are very
similar, and 6.3 ends with the obscure explanation:

| A message for which the result is "softFail" is less likely
| to be authentic than a message for which the result is
| "neutral".

What's that meant to be, an attempt in fuzzy logic ?  As a
recipient I'm interested in the policy of the sender, and
then I have to interpret this policy in my context.  I'm not
at all interested in a guess of a 3rd party.  Either they
know what's going on (+ or -), or they don't know it (?).

What should I as recipient do with a SOFTFAIL, bounce it to
postmaster(_at_)domain(_dot_)example and ask for further instructions ?

> MTAs SHOULD try to inform the recipient and/or sender of the
> email that the SPF check did not pass and that the domain
> owner is transitioning to a more strict standard.  In the
> future, such emails may be rejected and that the sender
> should take corrective actions now.

Okay, it is really for debugging.  Depends on the cooperation
of the recipients.

> The issue of whether there should be just a pass/fail, or if
> there should be some levels of gray in SPF seems to be an
> issue that many reasonable people disagree on.

Yes, I prefer black and white in technical solutions.  Having
GRAY1 up to GRAY99 could be also interesting, but with NEUTRAL
= GRAY50 and SOFTFAIL = GRAY75 there's again the asymmetry of
no SOFTPASS = GRAY25.

> I don't see what things a softpass would do.

Scott's idea:  the current PASS would be SOFTPASS, and it says
"my mail is sent with this IP, but I'm not the only user here,
other users of the same IP could forge my address".  The new
PASS would say "my mail is sent by this IP, and nobody else is
in the position to forge my address" (e.g. a well-behaved MSA
doesn't allow the use of an arbitrary MAIL FROM).

                        Bye, Frank
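
Added example, not part of the original message or of any SPF implementation: a simplified evaluator showing how the sender's qualifier (+, -, ~, ?) on the matching mechanism becomes the "pass", "fail", "softFail" or "neutral" result discussed above. It handles only ip4, ip6 and all; the function name, the sample records and the documentation-range addresses are constructed for illustration, and falling back to "neutral" when nothing matches follows RFC 7208.

```python
import ipaddress

# Sender-side qualifier -> receiver-side result, using the draft's result names.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softFail", "?": "neutral"}


def evaluate(record, client_ip):
    """Evaluate a simplified SPF record (ip4/ip6/all only) for client_ip."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a prefix means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # "all" matches every client
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue  # no match: try the next mechanism
        # include, a, mx, ... need DNS lookups and are out of scope here.
        raise ValueError("unsupported mechanism: " + name)
    return "neutral"  # nothing matched and there is no trailing "all"


# Constructed sample policies that differ only in the final qualifier.
SOFT = "v=spf1 ip4:192.0.2.0/24 ~all"
HARD = "v=spf1 ip4:192.0.2.0/24 -all"
UNSURE = "v=spf1 ip4:192.0.2.0/24 ?all"

if __name__ == "__main__":
    for policy in (SOFT, HARD, UNSURE):
        for client in ("192.0.2.10", "198.51.100.7"):
            print(policy, client, evaluate(policy, client))
```

The same unlisted client gets "softFail", "fail" or "neutral" depending only on the last qualifier the domain owner published; what the recipient does with each result is a separate, local decision.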