Peter Snow wrote:
I thought 'rejecting email purely based on an SPF result'
was what SPF was designed for?
If it's a FAIL then that's correct, it's what the sender said.
I can understand that 'today' it is a bad idea to reject
mail based on an SPF result as we are still ironing out
issues with it, so it would probably be more sensible to
monitor the SPF result only, until we are all singing from
the same songsheet.
That's not the case, the softies can sing SOFTFAIL, or use
Stephanes's test to see what would happen with a real FAIL.
Maybe James was talking from the POV of an admin with a huge
clueless user base with weird forwarding arrangements _from_
3rd parties. In that case you might be tempted to let your
own users have their mail (even if it's forged spam) instead
of doing what the sender says (= reject), because you don't
want to discuss these technical SPF issues with your users.
It would be nice if James could enable true SPF at least for
those of his own users with an IQ above room temperature.
Bye, Frank