On Thu, 13 Jan 2005, Alex van den Bogaerdt wrote:
First of all, in this case it would result in "?all" and that
is to be considered equal to not having a record at all.
As far as evaluating a specific message for forgery, then yes. However, when
evalutation the reputation of a domain, it might make a difference. For
instance, on my server a domain gets brownie points for having an SPF record -
even if the current message gets a NEUTRAL result with it. Hence, a specific
message is more likely to be flagged as spam (as separate issue from
the forgery issue) with no SPF record than with an SPF record giving
a NEUTRAL result.
Let me draw the distinction once more - because I can "hear" some shouting
about how NEUTRAL MUST be considered the same as no record. I agree -
for the purpose of determining whether a message is forged. But
forgery is a different issue from domain reputation. For instance,
I have a huge database of domains which get immediately rejected
with an SPF PASS (or any other result). When I confirm that a specific
message is spam, and that message got SPF PASS, and I don't recognize the
domain as a public ISP, the domain goes immediately into the blacklist (not
recommended in general - ideally the database should track SPAM/HAM ratio and
have a threshhold - like GOSSiP, but I have other things to work on). If the
result was NEUTRAL, the domain would not go into the blacklist - because
it might be a joe job. So for my personal mail, an SPF PASS result for
most spam causes an immediate blacklisted reputation for the domain, but
an SPF NEUTRAL or no spf record does not.
And finally, I'll restate a third way. SPF stops MAIL FROM domain forgery.
It does NOT stop spam. It does NOT stop rfc2822 forgery. But the
SPF result is a useful input for your spam strategy. Hence, there
MAY be a difference between a NEUTRAL result, and no SPF record for
purposes other than detecting forgery.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.