spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Electronic Frontier Foundation (EFF) Article OnAnti-Spam Technologies Mentions SPF

2004-11-23 07:49:07
from [Daniel Taylor] [Permanent Link] 
David Woodhouse wrote:

On Mon, 2004-11-22 at 11:07 -0600, Daniel Taylor wrote:


We publish -all. I spend more time dealing with people losing mail
into spam filters than dealing with SPF rejects.

We get several messages per week from people who never saw
our confirmation e-mail and wonder why their panelist account
shows unconfirmed, we get no SPF DSN's from people using forwarding
addresses with SPF.



And you haven't stopped to think that this might be because so few
people are actually dim enough to reject mail for an SPF failure? 

I suspect that few are bright enough to reject instead of
bouncing or dropping. For any reason, let alone SPF.


The
burden of 'blame' definitely does seem to have fallen on the recipient
for rejection of mail -- people publish '-all' but there are very few
(relevant) sites actually obeying it.


Blame is irrelevant, but I hold the receiver responsible
if they drop instead of rejecting.

With "-all" we at least have stated a firm policy that can be used
by ourselves and others as a definite rejection rule. If a site
rejects our mail based on that rule, then we are dealing with
either a forgery or a configuration error. I can deal with either
case appropriately. If they silently drop our mail for _any reason_
I cannot deal with that, as I do not know about it.

Heck, I see 2-3 "mail loops back to self" bounces a week just from
people signing up with us. E-mail is misconfigured, unreliable, and
generally a pain. SPF with "-all" at least relieves some of that pain
and moves more to where it can be dealt with.


Now that you're publishing '-all', how many bounces are you still
getting to mail which you didn't send?


Quite a few, mostly because SPF isn't that widespread on the receiving
end yet. Most of the ones we get are virus bounces, from sites that
really should know better.


I get almost none now that I use SES, and I can send to people who
forward their mail.


You get almost none, or you _accept_ almost none?
We still "get" quite a few "from self" spams, but we refuse to accept
delivery because they fail our -all rule. We could use SES in addition
to allow us to refuse bogus bounces as well, but we haven't yet.
Mostly because I still find them more informative than annoying.

--
Daniel Taylor          VP Operations            Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com   http://www.vocalabs.com/        
(952)941-6580x203
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: update of "welcome to the list" message, wayne
Next by Date:  Re: Can the SPF technique be used to stop IP address spoofing?, wayne
Previous by Thread:  Re: Electronic Frontier Foundation (EFF) Article OnAnti-Spam Technologies Mentions SPF, David Woodhouse
Next by Thread:  Re: Electronic Frontier Foundation (EFF) Article OnAnti-Spam Technologies Mentions SPF, David Woodhouse
Indexes:  [Date] [Thread] [Top] [All Lists]