Stephane Bortzmeyer wrote:
why people do stupid mistakes like the one in nordnet.fr?
Probably they're contanimated by "Wannaspew". I stumbled over
whois.nordnet.net in my quest to find working abuse addresses
for Wanadoo. You could also ask why some abuse desks use a
normal "Joe Sysadmin" spam filter on abuse reports. <sigh>
We are not talking about Amazon email experts. We are talking
about Joe Sysadmin at smalldomain.com.
In theory Nordnet is Wanadoo's registrar, isn't it ? That's
no small domain. Sooner or later they'll find the missing "i"
in "p4:194.51.85.0/24". It's an experimental SOFTFAIL policy,
and if they test it they'd note that "~all" is never evaluated
after the typo in their "p4"-mechanism.
SPF tried to simplify the world (pretending there is only one
identity in email, envelope from, while there are many, each
with its strengths and weaknesses).
The other identities are less relevant for a _sender_ policy.
PRA is a weird attempt at a _forwarder_ policy. The beauty of
spf2.0/mailfrom is that it identifies the one important hop
from the side of the sender to the side of the recipient. If
this recipient wants to forward his mail to a 3rd party, then
this is entirely his problem. Whatever he does, he shouldn't
abuse the return-path of the original sender for this purpose.
That's no oversimplification. That's working as designed. SPF
always promised to break forwarding to third parties with an
unmodified return-path. And it never ever touches the DATA in
a mail, including all 2822 headers.
Unified SPF tries to acknowledge the fact that there is no
consensus on the best identity (probably for a very good
reason).
Sure, the freedom to lie without getting the bounces is very
important for some businesses. But it's not in the interest
of the _senders_
The S in SPF doesn't stand for "Spam" or "Submitter", it means
"Sender".
Bye, Frank