Maybe as a community then we should solidify behind something like this and
publish it:
---------------------
Senders:
Publish ?all if
If you don't care who sends mail from your domain but know
which outbound nodes for your domain are valid.
or
You think that recipients may forward mail to another
system which will not apply SRS at al, and are happy
and support this and do not want that mail bounced
Publish ~all
If you don't yet know all your outbound nodes and,
until you are sure, you wish the receiver to treat
the failures with caution but not reject
Publish -all
If you think that your domain may be spoofed,
and accept that .forward will cause bounces.
You believe those forwarders should be fixed
and do SRS or an other, but find spoofing of
your domain unacceptable.
Note to domain admins:
-all will always generate rejects if SPF fails, apply caution when using it
or make sure you've defined all your mail hosts correctly.
Receivers should implement:
?all - Treat mail with extreme caution
~all - Treat mail with caution
-all - Reject out of hand.
If you choose to reject SPF failures, you accept that some mail, that is not
junk, may get bounced due to the above but accept that the domain admin for
those sites is happy with that and so are his users.
Forwarders:
Forward mail correctly or accept that you will get flak because you are not
SPF friendly. Don't whine about cost because the cost of SPAM far outweighs
any niggles you might have about fixing your legacy system. Play ball.
The rules have changed, play by the new rules or leave the game.
---------------------------------
Regards
Richard Bang
Floosietek Ltd
richard(_at_)ftgate(_dot_)com
http://www.floosietek.com