On Sat, 20 Nov 2004, Michael Weiner wrote:
Agreed, i have already switched to -all sometime ago. Any statistics on
~all vs -all, just curious who is publishing with the -all.
About 60% of the SPF records in my cache have "-all". (Earlier it was 75%).
Thanks for the statistics Roger, looks like the "suggestions" (ala
whitepapers) to NOT publish -all is being heeded :-(
Sadly, yes. I am now forced to reject on softfail by default as a result.
Who is publishing these whitepapers? If you can't make your users
authenticate, then publish ?all. ~all is for testing. Whoever
is telling people to use ~all instead of ?all is shifting the meaning.
However, the new meaning is not completely unreasonable. The original
spec said to treat neutral exactly the same as none. But, I have
always treated neutral differently because it indicates that the
domain owner at least has an SPF record. For instance, I block neutral from
some commonly forged domains like aol.com.
So, it seems that softfail is shifting from its original intent of
testing an SPF deployment before publishing -all, to something like
how I was treating neutral.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.