spf-discuss
[Top] [All Lists]

RE: Email Forwarder's Protocol ( EFP )

2005-02-22 20:40:24
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Dave 
Warren
Sent: Tuesday, February 22, 2005 5:14 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Email Forwarder's Protocol ( EFP )


Mark wrote:

On Tue, 22 Feb 2005, David MacQuigg wrote:

ow do you currently handle soft fails?



The information just gets added to the Received-SPF header; other than
that, I do nothing with it. I think TEMP-failing goes a bit too far; all
softfail really means is: "If I had my SPF records/setup in order, this
mail would probably have to be REJECT-ted; but since I am not done
configuring yet, please do not take this result too seriously." So, I
don't. :) As Stuart said, the Bayesian filter will then read and interpret
the Received-SPF header.

The way I look at it, a Neutral is "I'm not done yet but I would have
accepted this" and a softfail is "I'm not done yet but I would have
rejected this" -- In other words, it's a good candidate for greylisting,
tarpitting, and whatever other nondestructive toys you wish to through
at the connection simply for amusement.

I've always felt a "softpass" would be better then "softfail" -- Neutral
still has some negative connotations in some people's minds.

The spec is very clear on how you are supposed to treat Neutral - just like
there is no SPF at all.  Domain owners create sender policies with the
expectation that people will do what the spec says.

If you must treat Neutral different than no SPF, at least treat an end of
record Neutral different than a Neutral from a match in the record:

http://bugzilla.spamassassin.org/show_bug.cgi?id=3616

See comment 4 for a disussion of this topic.

Scott Kitterman