spf-discuss
[Top] [All Lists]

Re: Sendmail white paper

2004-11-20 10:58:45
On Sat, 20 Nov 2004, Michael Weiner wrote:

Agreed, i have already switched to -all sometime ago. Any statistics on
~all vs -all, just curious who is publishing with the -all.

About 60% of the SPF records in my cache have "-all". (Earlier it was 75%).

Thanks for the statistics Roger, looks like the "suggestions" (ala
whitepapers) to NOT publish -all is being heeded  :-(

Sadly, yes.  I am now forced to reject on softfail by default as a result.

Who is publishing these whitepapers?  If you can't make your users
authenticate, then publish ?all.  ~all is for testing.  Whoever
is telling people to use ~all instead of ?all is shifting the meaning.

However, the new meaning is not completely unreasonable.  The original
spec said to treat neutral exactly the same as none.  But, I have
always treated neutral differently because it indicates that the 
domain owner at least has an SPF record.  For instance, I block neutral from
some commonly forged domains like aol.com.  

So, it seems that softfail is shifting from its original intent of
testing an SPF deployment before publishing -all, to something like
how I was treating neutral.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.