On Mon, 21 Feb 2005, David Woodhouse wrote:
> On Mon, 2005-02-21 at 10:28 -0500, Stuart D. Gathman wrote:
> > This is something the detractors of SRS have predicted would happen.
> > But it is not really the fault of SRS, but of a halfway
> > implementation. Apparently, people are afraid to reject SPF FAIL
> > because the sender might have screwed up their SPF record. Well, duh,
> > the best way to find out about your mistake is to get nice clean 550
> > rejections as early as possible.
>
> They can't reject for an SPF fail -- they have real customers who will
> object if valid mail is thrown away.

When an SPF record is published, it defines what mail is valid.
By definition, mail that fails SPF is not valid. If the sender made
a mistake in their definition of valid mail, they need to know ASAP.
It is understandable if a sender can't immediately publish -all because
of needing to set up SMTP AUTH, etc. However, when a sender *does*
publish -all, it is not helpful for the receiver to second guess them
and say, "Gosh, they can't really mean it."

> What they _can_ do is use SRS more selectively -- make sure that a mail
> they forward doesn't end up with a better rating than it started with.

That I can agree with.

> So mail which came in with a 'fail' can be sent back out without SRS.
> Mail which came in from a domain without SPF records can be sent back
> out without SRS. Mail which came in with an 'unknown' result can be sent
> back out either unchanged if the record was '... ?all' or rewritten by
> SRS to an 'unknown-srs.pobox.com' domain which gives the appropriate
> result, etc.

Reasonable.

> By doing SRS unconditionally on all mail, they're taking responsibility
> for everything they forward. That's silly.

Agreed.

--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
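
The selective forwarding policy discussed in this thread, sketched as an added example (not part of the original message and not the code of any SRS implementation). The secret, the srs.forwarder.example domain, the two-character stamp and the hex tag are constructed, the SRS0 encoding is simplified rather than interoperable, and rewriting 'pass' mail under the main SRS domain is an assumption; only unknown-srs.pobox.com comes from the thread.

```python
import hashlib
import hmac

# Constructed values for illustration; only UNKNOWN_DOMAIN is named in the thread.
SECRET = b"constructed-demo-secret"
PASS_DOMAIN = "srs.forwarder.example"
UNKNOWN_DOMAIN = "unknown-srs.pobox.com"


def srs0(sender, srs_domain, stamp):
    """Simplified SRS0-style rewrite: SRS0=tag=stamp=domain=local@srs_domain."""
    local, _, domain = sender.rpartition("@")
    msg = f"{stamp}={domain}={local}".lower().encode()
    tag = hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:8]
    return f"SRS0={tag}={stamp}={domain}={local}@{srs_domain}"


def srs0_reverse(address):
    """Recover the original sender for a bounce, or None if the tag does not verify."""
    local, _, srs_domain = address.rpartition("@")
    parts = local.split("=", 4)  # the original local part may itself contain '='
    if len(parts) != 5 or parts[0] != "SRS0":
        return None
    _, _tag, stamp, domain, orig_local = parts
    original = f"{orig_local}@{domain}"
    expected = srs0(original, srs_domain, stamp)
    if not hmac.compare_digest(expected.encode(), address.encode()):
        return None
    return original


def forward_sender(sender, spf_result, stamp="AB", rewrite_unknown=True):
    """Choose the envelope sender for forwarded mail so that it never ends up
    with a better SPF rating than it arrived with."""
    if spf_result == "pass":
        # Assumption: mail that passed is rewritten under the main SRS domain.
        return srs0(sender, PASS_DOMAIN, stamp)
    if spf_result == "unknown" and rewrite_unknown:
        # Rewritten under a separate domain whose SPF record gives the same weak result.
        return srs0(sender, UNKNOWN_DOMAIN, stamp)
    # 'fail', no SPF record ('none'), 'unknown' left as-is, or anything else:
    # forward unchanged, so the forwarder takes no responsibility for it.
    return sender
```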