On Mon, Nov 22, 2004 at 05:47:17PM +0100, Hannah Schroeter wrote:
OK, you have quite legalistic points. For me, a false positive is
if someone human intends to mail me, from an address he "owns" (be it on
an own domain, be it on a shared domain, but granted to him by the
domain owner), and this mail doesn't reach me for other reasons than
network or computer failure, this is a false rejection.
Clear. However, just as smtp should be directed to port 25 unless
otherwise agreed, why not accept that the right hand side has to be
used at that domain unless otherwise agreed?
Or if I, using my legitimate email address, send mail to someone and the
mail doesn't come through, it's a false positive - unless the recipient
actually *intended* to filter my mail (like killfiled me, e.g. using
Sieve).
There are hundreds of reasons why your mail is not delivered. If you
are actually talking about SPF here, then the owner of your RHS has
configured something that the receipient domain owner listens to.
This is a configuration problem (if the mail should have gone through)
or it is a policy (if the mail is rightfully blocked).
Am I right in that you'd call a configuration error a false positive?
For SPF, especially the forwarding problem is at risk of creating false
I think there is no forwarding problem. See the recently opened thread
about this. It boils down to: forwarders have to stop spoofing addresses,
SPF or not.
If your goal reality is a sender
controlled level of 2821-mail-from authentication w/o false positives,
I'd rather suggest things like solve forwarding first, in whatever way,
*then* start publishing -all and rejecting spf fail. Not the other way
round, as it seems to be done, unfortunately.
If things are going to change, it is because people have to change.
When we wait until forwarders have solved their problem, spoofing
is so big a problem that most of us will probably have stopped using
email altogether. This I firmly believe at the current moment. You
are welcome to try and change my point of view.
cheers,
Alex
--
I ask you to respect any "Reply-To" and "Mail-Follow-Up" headers. If
you reply to me off-list, you'd better tell me you're doing so. If
you don't, and if I reply to the list, that's your problem, not mine.