-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Daniel
Taylor
Sent: Friday, September 10, 2004 2:37 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] SPF adoptees
Note that neutral is a .999 spam indicator.
I hope that doesn't mean that you think it might be good to do anything with
that...
The specs say, "Neutral (?): The SPF client MUST proceed as if a domain did
not publish SPF data." This is an essential element of SPF that is critical
for those of us who do not run our own MTAs.
It is very difficult for me to get an SPF PASS that does not also expose my
domains to being victimized by cross-customer forgery by the other
legitimate users of the commercial shared MTAs that I have access to. If
this message came straight to you, instead of via the list, then it would be
a Neutral. I depend on you following the SPF specs. This is a situation
that appears to be common to almost all shared MTA users.
I suspect that part of the reason you see so few non-spam Neutrals is two
fold, first most of the early adopters are those most likely to be running
their own MTAs and second, the false positive risk faced by shared MTA users
is not featured either on spf.pobox.com or in the various wizards (note that
I am not pointing any fingers here, I volunteered to write some stuff I
haven't had time to write yet) among the few shared MTA users currently
publishing SPF, many don't understand the false positive risk.
Scott Kitterman