Scott Kitterman wrote:
> My concern is not so much with today, but once RHSBLs get
> going, the risk becomes much greater. While the ISP might
> fix the problem very quickly and cancel the other guy's
> account, I may be stuck on a RHSBL and until I fix that,
> my e-mail can't be delivered.

That could be a problem, but from my POV as user it's already
reality. Sometimes I had to use "the other mail provider",
because the first somehow made it on a BL (it wasn't me ;-)
In some cases I could fix it without asking the postmaster,
but with a SORBS 127.0.0.6 I was really forced to use the
other MSA. Fortunately my main provider now blocks all worms,
and I don't have many reasons to communicate with abuse desks
all over the world.

> What does an SPF PASS really buy me?

Good question. Not too much, maybe the feeling that spammers
have to pay to get a PASS if they want it. The important SPF
result is a FAIL, that's what I want to get if somebody forges
my subdomain.

> The major point of SPF (for me anyway) is the -all

Yes. IIRC we had a similar discussion about "SOFTPASS", the
SPF PASS is only a "SOFTPASS", and you would like to have a
"HARDPASS", if you're sure that no other client of the same
ISP can forge your domain.
Now after MARID dropped the ball we're in theory free to add
a "HARDPASS", but I'm already unhappy with SOFTFAIL and exp=.
SPF is really complex, I'd prefer simplifications instead of
adding more features. I'm one of these KISS fans, I simply
don't get it why a receiver should want to evaluate a sender
policy if he can't "win" something (= FAIL). And I don't get
it why he should display weird explanations of 3rd parties.
That's an idea for protocol-03, the exp= section could stress
that a sender policy with exp= but no chance for a "-" (FAIL)
is on the border to abusive.
Bye, Frank
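
The protocol-03 idea above, as an added example that is not part of the original post: a small Python check that flags an SPF record carrying exp= when no "-" mechanism is reachable. The function names, result labels and example.com records are constructed for illustration; redirect= targets are not resolved, so such records are reported as needing a DNS lookup.

```python
# Added illustration; all names and sample records here are hypothetical.
QUALIFIERS = "+-~?"
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}

def parse_terms(record):
    """Split an SPF record into [(qualifier, mechanism)] and a modifier dict."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        qualifier, body = "+", term
        if body[0] in QUALIFIERS:
            qualifier, body = body[0], body[1:]
        # Mechanism name ends at ':' (argument) or '/' (CIDR length).
        name = body.split(":", 1)[0].split("/", 1)[0].lower()
        if name in MECHANISMS:
            mechanisms.append((qualifier, name))
        elif "=" in term:
            key, value = term.split("=", 1)
            modifiers[key.lower()] = value
        else:
            raise ValueError("unknown term: " + term)
    return mechanisms, modifiers

def can_fail(record):
    """'yes', 'no' or 'unknown': can this record, on its own, yield FAIL?"""
    mechanisms, modifiers = parse_terms(record)
    for qualifier, name in mechanisms:
        if qualifier == "-":
            return "yes"
        if name == "all":
            return "no"  # terms after "all" and redirect= are never reached
    return "unknown" if "redirect" in modifiers else "no"

def lint(record):
    """Label a policy by what a receiver can 'win' from evaluating it."""
    _, modifiers = parse_terms(record)
    verdict = can_fail(record)
    if verdict == "no":
        return "exp-without-fail" if "exp" in modifiers else "never-fails"
    return "ok" if verdict == "yes" else "needs-dns"

if __name__ == "__main__":
    for sample in ("v=spf1 mx -all",
                   "v=spf1 mx ~all exp=why.example.com",
                   "v=spf1 redirect=_spf.example.com"):
        print(lint(sample), "<-", sample)
```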