----- Original Message -----
From: "Frank Ellermann" <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Monday, December 06, 2004 9:19 PM
Subject: [spf-discuss] Re: FairUCE
jpinkerton wrote:
SPF-enabled domains will not require a challenge.
That sounds like they understood PASS, but are lost with FAIL.
What they should do is to reject FAIL, and challenge any PASS,
which is not yet known to be "solicited spam" (aka "FairUCE").
Or did I miss something ?
Bye, Frank
Watch your tenses. Since they are not yet doing SPF, and widespread SPF use
is not yet here, they are simply treating all failures of their SPF-looking
tests as SOFTFAIL. This seems quite reasonable for now.
I'd strongly encourage them to implement genuine SPF on the front end of
their system to reduce their system load for virus and zombie machine email,
and use their challenge/response system in SOFTFAIL or similar
circumstances.