David Brodbeck wrote:
Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com wrote:
Everyone will make their own choices, and we no
longer really have a standardized, predictable response. The whole
thing becomes much more non-deterministic. Different sites will be
treating the same SPF record completely differently.
This is a good thing. Different people have differing levels of
paranoia.
I don't see it as a good thing. It would mean that when you published
an SPF record, you would have to guess at how people were going to
interpret it. It makes it a lot riskier.
How is it riskier? If a domain owner is concerned as to how people will
interpret their SPF record, they will limit themselves to + and -. No ?, ~, or
0.\d+ implies no ambiguity. I think 0.\d+ allows a more granular method of
specifying the same inherent doubt involved in ~ and especially ?.
If they want to communicate an existing uncertainty about a domain, the
addition of the 0.\d+ parameter is a way to avoid a lot of worry about "what if
one of my nominally authorized locations sends spam?".