spf-discuss
[Top] [All Lists]

RE: Handling of -all

2005-02-24 18:51:42
Alex van den Bogaerdt wrote:
On Thu, Feb 24, 2005 at 10:49:22PM +0100, Julian Mehnle wrote:
Yes, you are.  You want "-all" not to be taken to mean "-all" (this IP
address is _certainly_ not allowed to use this domain) but "~all"
(this IP address is _probably_ not allowed to use this domain).

I'll let you review your statement again so you can alter it yourself.

Done.

Now:
We are testing. Tests go wrong.  Do not reject. Flag only and inform
the sender when appropriate.  Rejection is strongly discouraged.

You are simply not listening to what I am saying. :-)  All the time in
this thread, I have never suggested that _any_ SPF policy could mean
that the recipient should reject anything.  I have talked in
categories of "the

No Julian, you are not listening what I am saying.

I am saying that we should say "should NOT block" which is NOT the
opposite of saying "should block".

Sorry, I just don't agree.  I _can_ see the SPF spec just defining the
meaning of the various results, and not defining (or recommending) any
concrete reactions.  But I _cannot_ see it explicitly recommending that
messages NOT be rejected as a reaction to a FAIL result "at the moment"
(or whatever wording you'd prefer).

If a domain owner publishes "-all", it is everyone's absolute
right to assume that this is what he meant.  Otherwise, what "now
we can begin taking SPF records seriously" switch date would you
suggest?

IF<<< a domain owner publishes.  Yes.

I need not suggest a date to claim right now is not the time.

Yes, you need to, because otherwise you're not being constructive. :-)

I need not be able to swim, in order to see someone is drowning.

I may not have the same opinion as you have, but don't say that
I am not constructive.  I make a valid point here.

In general, making a valid point (which I don't agree that you are doing
in this particular case) doesn't imply being constructive.  I can say
"life sucks" and have a point, but it still is not constructive.

The alternative you suggested -- as far as I think I understood it -- is
to simply write in the specification: "Rejecting messages as a reaction to
a FAIL result is currently not recommended".  And _that_ is simply _not_ a
viable option.  Please make a _viable_ suggestion.

I estimate we communicate with a very small percentage of those
people.  The rest are enemies of SPF for life, because "we" blocked
their email so SPF is bad and they can send to hotmail so microsoft
is good.

SPF does not block mail.  MTAs block mail, on orders from real
people.  I think most people do understand that (spammers usually
don't).

Maybe you should stop thinking about bits and bytes, and start
talking to end users.  After all, we're making the infrastucture not
for Julian Mehnle but for the general public.

A rejection error message such as the one I suggested in another message
of mine...

  forger.biz [1.2.3.4] is not allowed to send mail with the domain
  "forged.org" in the sender address.  Contact 
<postmaster(_at_)forged(_dot_)org>.

...doesn't even mention SPF.  So why do you think that a clueless user
would blame the problem on SPF instead of on the person who set up the MTA
that blocked the message?  And that person can explain the problem to the
clueless user, not in terms of SPF, but in terms of sender address
forgery.


<Prev in Thread] Current Thread [Next in Thread>