spf-discuss
[Top] [All Lists]

RE: URGENT: Community Position on SenderID

2004-11-26 09:27:54
Maybe as a community then we should solidify behind something like this and
publish it:

---------------------
Senders:

Publish ?all if
   If you don't care who sends mail from your domain but know 
   which outbound nodes for your domain are valid.
or
   You think that recipients may forward mail to another 
   system which will not apply SRS at al, and are happy 
   and support this and do not want that mail bounced

Publish ~all
   If you don't yet know all your outbound nodes and, 
   until you are sure, you wish the receiver to treat 
   the failures with caution but not reject 

Publish -all
   If you think that your domain may be spoofed, 
   and accept that .forward will cause bounces. 
   You believe those forwarders should be fixed 
   and do SRS or an other, but find spoofing of  
   your domain unacceptable.

Note to domain admins:
-all will always generate rejects if SPF fails, apply caution when using it
or make sure you've defined all your mail hosts correctly.

Receivers should implement:
?all - Treat mail with extreme caution
~all - Treat mail with caution
-all - Reject out of hand.

If you choose to reject SPF failures, you accept that some mail, that is not
junk, may get bounced due to the above but accept that the domain admin for
those sites is happy with that and so are his users.

Forwarders:
Forward mail correctly or accept that you will get flak because you are not
SPF friendly. Don't whine about cost because the cost of SPAM far outweighs
any niggles you might have about fixing your legacy system. Play ball.

The rules have changed, play by the new rules or leave the game.
---------------------------------

Regards

Richard Bang
Floosietek Ltd
richard(_at_)ftgate(_dot_)com
http://www.floosietek.com