On Mon, 2005-02-21 at 10:28 -0500, Stuart D. Gathman wrote:
This is something the detractors of SRS have predicted would happen.
But it is not really the fault of SRS, but of a halfway
implementation. Apparently, people are afraid to reject SPF FAIL
because the sender might have screwed up their SPF record. Well, duh,
the best way to find out about your mistake is to get nice clean 550
rejections as early as possible.
They can't reject for an SPF fail -- they have real customers who will
object if valid mail is thrown away.
What they _can_ do is use SRS more selectively -- make sure they a mail
they forward doesn't end up with a better rating than it started with.
So mail which came in with a 'fail' can be sent back out without SRS.
Mail which came in from a domain without SPF records can be sent back
out without SRS. Mail which came in with an 'unknown' result can be sent
back out either unchanged if the record was '... ?all' or rewritten by
SRS to a 'unknown-srs.pobox.com' domain which gives the appropriate
result, etc.
By doing SRS unconditionally on all mail, they're taking responsibility
for everything they forward. That's silly.
--
dwmw2