On Sat, 1 Jan 2005, Stuart D. Gathman wrote:
On Sat, 1 Jan 2005, Nick Phillips wrote:
It's your point 1 here that I think is misplaced. A PASS is not saying that
mail coming from that server with your domains on it is really yours, it's
saying that it could be, as that server is authorised to send mail from
your domains.
I disagree. A NEUTRAL says that it could be yours. A PASS says that to the
best of your knowledge and ability (i.e. assuming your servers weren't hacked,
etc), the mail is yours. If your mail might go out via other ISPs without
meaningful authentication (i.e. that prevents cross customer forgery),
then they should be listed with '?'.
You're not correct. SPF does not look at local parts and SPF records for
domains are often very widerange to allow any user from domain to be
authenticated. As such it does not provide very strong sense of the email
is truly yours and is not a good way to judge reputation on.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net