spf-discuss

Re: Should I include major ISPs in SPF for our hosted domains?

2005-01-02 00:17:07
On Sat, Jan 01, 2005 at 09:28:25PM -0500, Stuart D. Gathman wrote:

> I disagree.  A NEUTRAL says that it could be yours.  A PASS says that to the
> best of your knowledge and ability (i.e. assuming your servers weren't hacked,
> etc), the mail is yours.  If your mail might go out via other ISPs without
> meaningful authentication (i.e. that prevents cross customer forgery),
> then they should be listed with '?'.


That's not what it is/was supposed to mean, which was my point -- it seems
that people are interpreting it that way. If that is going to happen, we
should explicitly declare that that is the case. However, up to now, SPF
has explicitly *not* said anything *at all* about authentication of local
parts, and anyone treating it otherwise is over-egging the pudding.


> NEUTRAL is generally accepted, but not treated as authenticated.  For
> instance, reputation services will count its spam score against the IP rather
> than the domain.
>
> PASS is generally accepted, and the domain is treated as authenticated.
> Reputation services will count spamminess against the domain rather than
> the IP.

Well, no. That's not the theory -- it may well be the practice though.
I'm just saying that we should be sure that we're clear which is which,
and that if possible we should make them match up.



Cheers,


Nick
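
Added example, not part of the original message: a small Python evaluator showing how listing a shared ISP relay with '?' yields NEUTRAL while the domain's own servers yield PASS, and how a receiver following the practice described in the quoted text would pick the reputation key. It handles only `ip4`, `ip6` and `all` (no DNS lookups); the record, addresses and the `reputation_key` helper are constructed for illustration.

```python
import ipaddress

# SPF qualifier -> result name.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate ip4/ip6/all mechanisms left to right; first match wins."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is '+'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            raise ValueError("mechanism not handled in this example: " + name)
    return "neutral"                         # nothing matched: default result

def reputation_key(result, domain, client_ip):
    """Hypothetical receiver policy modelled on the quoted text:
    PASS is scored against the domain, anything else against the IP."""
    if result == "pass":
        return ("domain", domain)
    return ("ip", client_ip)

# Constructed record: own servers listed plainly, shared ISP relays with '?'.
RECORD = "v=spf1 ip4:192.0.2.0/24 ?ip4:198.51.100.0/24 -all"

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.25", "203.0.113.5"):
        result = check_spf(RECORD, addr)
        print(addr, result, reputation_key(result, "example.org", addr))
```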