On Wed, Feb 09, 2005 at 01:34:50PM -0800, Jim Fenton wrote:
I think we're all aware that SPF does not work well with message
forwarding (college alumni addresses and the like). Given that's the
case, how should -all be handled? Two possibilities I can think of:
(1) Originating domains that potentially send through forwarders should
not publish a -all policy, since some recipients might inappropriately
reject forwarded messages. Since it's hard to know what addresses are
forwarded, -all policies would probably be quite rare.
(2) SPF verifiers should not reject mail that does not match a -all
policy, because of the possibility it came through a forwarder.
(3) Forwarders should be aware of the reason SPF exists, and stop
(ab)using 3rd party "mail from" ?
Separate from this issue, I think it is too soon to block
messages based solely on SPF. But that's just MHO of course.
Alex