spf-discuss
[Top] [All Lists]

Re: Abusing SPF record for PRA testing

2004-12-12 09:56:17

On Dec 12, 2004, at 11:37 AM, <terry(_at_)ashtonwoodshomes(_dot_)com> wrote:

Perhaps a representative from the SPF council should contact postmaster(_at_)algoritmnt(_dot_)ru indicating that PRA interpreting SPF records is unacceptable, with the illustration of this particular failure
as being why.

A proposed response that the SPF council rep could use follows:

I would say that it should _not_ be the SPF council position or responsibility to contact domain owners that decide to deviate from the specification. Anyone can use SPF records for anything they want. I can check the Error-To: domain from the RFC2822 body against SPF records and reject on + entries if I so desire -- my network, my rules. Because I choose to differ doesn't make me wrong (could make me stupid), I could be doing research or a feasibility study for all you know. Regardless, the SPF council should never go about contacting domain owners to inform them that they have done something "unacceptable" with publicly published information like SPF records.

Just like RFC non-compliance. How about asking the rfc-ignorant.org fellas to host an SPF non-compliance list. Just list the guys there and then any person (preferably _not_ someone on the council) can feel free to send a short note saying: "It appears you are using SPF records in an unintended way. This can cause you reject legitimate mail. As you can see you are listed on rfc-ignorant.org (link), have a look."

In general if someone lets me know that I am deviating from standards and that it could negatively impact my operations, I am appreciative. If someone notifies me of their disapproval of my actions because they have been informed of "unacceptable" actions on my part, I am much more inclined to tell them where to stick it.

// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// OmniTI Computer Consulting, Inc. -- http://www.omniti.com/
// Ecelerity: fastest MTA on Earth