spf-discuss

RE: Please Don't Reject SPF NEUTRAL

2004-09-17 10:58:43
It seems to me that there should be something between PASS and NEUTRAL.
Having no SPF record should be -all, IMHO, but let us assume that this is
not the issue for now!

So, if I had no record, default to NEUTRAL.  I understand someone blocking
this, I want to myself, but I don't, yet.  But if I get mail from the SMTP
server you said is valid for your domain, I would trust it more than
NEUTRAL.  It should not be PASS since it could still be forged, but only by
a small group of people, not the whole world!

Not sure I am explaining it very well.  I hope everyone understands what I
am saying.

On a related subject...

Meng Weng Wong wrote:
4) encourage the world to assume "a/24 mx/24 ptr -all" for non-publishing
domains

Guy Watkins wrote:
Encourage the world to assume "-all" for non-publishing domains.
If someone wants to send email, let them say so.

Guy

Sure you saved money, but at what cost? - "Guy Watkins"

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Scott Kitterman
Sent: Friday, September 17, 2004 12:17 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Please Don't Reject SPF NEUTRAL

I just got my first message rejection due to a NEUTRAL SPF result (I've
changed the addresses):

Hi. This is the qmail-send program at relay.host.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<localpart(_at_)somecompany(_dot_)com>:
207.76.105.21 failed after I sent the message.
Remote host said: neutral

Getting to an SPF PASS is almost impossible for a shared MTA user (e.g.
vanity domain).  If this becomes commonplace, my only recourse will be to
pull my SPF records down.  The SPF Classic spec says:

     Neutral (?): The SPF client MUST proceed as if a domain did not
     publish SPF data.  This result occurs if the domain explicitly
     specifies a "?" value, or if processing "falls off the end" of
     the SPF record.

http://spf.pobox.com/spf-draft-200406.txt

Rejecting on a NEUTRAL result is a violation of the spec and it's going to
hurt SPF as a whole.  If someone has published a record that produces a
NEUTRAL result, then they probably have a reason for it.  It may be that
they are trying to avoid falsely authorizing e-mails they didn't send (my
reason) or it may be that they are trying to spam you and piggyback on
someone else's ?all record.  There's no way you can know without looking at
the message contents (which is what you would do if there was no SPF).

Please, just follow the spec.  Many of us depend on it.

Scott Kitterman
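
The rule quoted above from the SPF Classic draft, sketched as an added example (not code from either poster or from any SPF implementation): a simplified evaluator that returns NEUTRAL for a "?" qualifier or when processing falls off the end, and a receiver step that then treats NEUTRAL exactly like no record. The function names, the `POLICY` table, the supported subset (`ip4` and `all` only) and the sample records are assumptions made for illustration.

```python
import ipaddress

# Qualifier characters mapped to SPF result names.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Hypothetical local policy, keyed by SPF result. It has no "neutral" entry:
# neutral is folded into "none" before the lookup.
POLICY = {"pass": "accept", "fail": "reject",
          "softfail": "flag", "none": "content-filter"}

def evaluate(record, client_ip):
    """Evaluate a simplified SPF record (ip4 and all mechanisms only)."""
    if record is None:
        return "none"                       # domain publishes no SPF data
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # not an SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                     # default qualifier
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4":
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
            continue                        # no match, try the next term
        raise ValueError("mechanism not supported in this sketch: " + name)
    return "neutral"                        # processing "fell off the end"

def receiver_action(spf_result):
    """Map an SPF result to a disposition without penalising neutral."""
    if spf_result == "neutral":
        spf_result = "none"                 # proceed as if no SPF data existed
    return POLICY[spf_result]

# Constructed sample: a shared-MTA user who publishes ?all, with mail
# arriving from an address outside the listed range.
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ?all"
SAMPLE_RESULT = evaluate(SAMPLE_RECORD, "198.51.100.7")
```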
