spf-discuss
[Top] [All Lists]

Re: Sendmail white paper

2004-11-21 10:10:15
On Sat, 20 Nov 2004 12:58:45 -0500 (EST), Stuart D. Gathman
<stuart(_at_)bmsi(_dot_)com> wrote:
On Sat, 20 Nov 2004, Michael Weiner wrote:

Agreed, i have already switched to -all sometime ago. Any statistics on
~all vs -all, just curious who is publishing with the -all.

About 60% of the SPF records in my cache have "-all". (Earlier it was 
75%).

Thanks for the statistics Roger, looks like the "suggestions" (ala
whitepapers) to NOT publish -all is being heeded  :-(

Sadly, yes.  I am now forced to reject on softfail by default as a result.

Today while I was checking some domains' SPF records that my users
always send mails to, I bumped into the following record:

"v=spf1 ~all"

First, I thought this is definitely "wrong". When I tried the
validator at spftools.net, it said:

Record Found: v=spf1 ~all
No Errors
No Warnings
No Notes
Record is clean!

So, I beleive, according to the spec, this is _valid_ to publish.

Unfortunately, I found 14 of the domains in my mailserver's logs who
are publishing this. Later found out that, all domain's belongs to one
hosting company. So, it could be the ignorant administrator who
published those addresses. Or, they really chose to softfail all mail
that originate from those domains (why?).

Question: should we consider these cases at all and *not* reject on
softfail (~all)?

Regards,

MZR