There's a lot of noise in here.
Can someone summarise for me as I have got lost in the party:
1. If I don't control all the outbound nodes for my domain I publish ?all
2. If I think that recipients may forward my mail to another system which
will not apply SRS at al, and I am happy with that, I should publish ?all.
3. If I think that my domain may be spoofed, I publish -all and accept that
.forward will cause bounces. I believe they should be fixed and do SRS or an
other, but I find spoofing of my domain unacceptable.
4. If I choose to reject SPF failures, I accept that some valid mail may get
bounced due to 2 or 3 but I accept that the domain admin for those sites is
happy with that and so are his users.
Given the above, why cant I reject -all. The domain admin can define which
behaviour they want knowing the -all will always get a reject for failures.
I would think that saying:
"-all will always generate rejects if SPF fails, apply caution when using
it" would be sufficient.
Please correct me if I'm getting the wrong end of the stick, but I cant see
the wood for the trees.
:)
Regards
Richard Bang
Floosietek Ltd
richard(_at_)ftgate(_dot_)com
http://www.floosietek.com