David Woodhouse wrote:
On Mon, 2004-11-22 at 09:34 -0600, Daniel Taylor wrote:
Without -all Joe in sales will have those same people dropping his mail
because of a softfail or neutral result without even the courtesy of
a bounce because they are too casual with their own business
communications.
If people reject mail for a softfail or neutral result, then the IS
department probably shouldn't publish SPF at all.
If the IS department is allowing their users to run forwarded e-mail
they probably shouldn't be checking SPF at all. You are proposing that
a policy failure on the receiving end should decide the policy on
the sending end.
At least with -all he gets a bounce and knows that he needs to contact
them by phone or through other channels. I've been through this with
actual salespeople, not just technical folks, and the hard fail is
almost always the preferred option.
With -all he advertises to the world that his company is willing to jump
on the latest bandwagon without actually having that much technical
clue, and without really considering the consequences.
Having considered and discussed the consequences, not just here, we
have decided that -all works better for us than some wishy-washy
"testing" setting that doesn't give us any feedback on where the system
might be failing without unnecessarily complex hacks. Besides, -all
gave us an immediate reduction in "forged from self" spams with an
incredibly cheap check.
Strangely, people using forwarding addresses aren't using SPF, and
people using SPF aren't using forwarding addresses. I can say this with
a reasonable degree of authority having manually checked the bounces
against a pool of over 90,000 e-mail addresses. (For real, I just took
the time to review recent new panelist e-mail fails, no SPF DSN's in there.)
We really use this, it really works OK, -all isn't 1/1000th the problem
you are claiming it is and I doubt it ever will be.
Given the choice of a company which publishes '-all' and a company which
does not, I'd favour the latter for any of my custom, especially if it's
computer-related.
Your choice, I prefer to use other criteria myself.
--
Daniel Taylor VP Operations Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com http://www.vocalabs.com/
(952)941-6580x203