Hi Aredridel,
Sunday, July 4, 2004, 5:23:59 PM, you wrote:
snip
A> I am an ISP -- the very classic, dialup sort.
snip
A> If your customer base is used to communicating their
A> needs, I reccomend it. If not, be careful. Softfail first. Monitor logs
A> and contact customers who have problems. Track problems.
Did you go Softfail at all? If so, how did you deal with the problems
of Baysian filters of recipients (eg: Netscape/Thunderbird/etc)
silently dropping customer emails for that 1% of people you discovered
later have problems (or did those victims not realize that your SPF
setting was the cause until you got rid of Softfail? Can you survey
them and ask if they sent emails that recipients claimed never to get
(or that got tagged as spam) during your softfail period?)
If you did not go Softfail - why are you recommending it? I'm not an
ISP, but the thought of angry customers complaining to me that their
emails "won't send" sounds a lot better than letting customers send
emails knowing that Baysian filters are going to gobble them. You've
got to one day switch softfail off anyhow, at which time you're going
to get the "my email won't send" complaints, so I can't see any excuse
for using Softfail at all.
SPF is for rejecting forged emails. It's built specifically to let
senders know when emails don't go through, by rejecting before DATA.
Trying to use it any other way multiplies false-positive problems
dangerously (more legit emails get trashed, and no senders know this
occurred).
Chris I-hate-things-stealing-my-mail Drake.