spf-discuss

softfail DSN

2005-02-26 11:36:28
I have now added a softfail DSN.  I am monitoring this carefully, because 
I don't want anyone to think that publishing SPF is going to increase
their backscatter spam.  So far, however, no one has actually gotten
one of these, because all of the domains returning softfail seem to also 
have some sort of DSN filtering in place (causing me to reject the
message).  This is probably because if they are smart enough to deploy
SPF, they are smart enough to understand the need for and perhaps deploy 
SRS or SES or outgoing return-path tracking.

Why send a DSN for softfail?  Well, putting myself in the sender's shoes,
when it is used for testing an SPF configuration, it is nice to get 
feedback about how it is working.  It is especially nice to get the feedback
when legit mail gets SOFTFAIL because I missed a mail server in the
SPF record.  It is trivial to ignore the DSNs from actual forgeries if
I also deploy SRS or SES - and so far, everyone else has done the same.

Anyway, here is the template:

Someone at IP address %(connectip)s sent an email to
%(rcpt)s, claiming to be sent from %(sender)s.  
The subject was: 

Subject: %(subject)s 

If that wasn't you, then your domain, %(sender_domain)s,
was forged.  Although your domain publishes a Sender Policy,
the result in this case was SOFTFAIL, so we have accepted
the message in case there was a mistake.

If it *was* you that sent the email, then your email or
SPF configuration still needs work.  If you don't know anything
about mail servers, then pass this on to your SMTP (mail)
server administrator.  

There was no PTR record for its IP address (PTR names
that contain the IP address don't count).  RFC2821 requires
that your hello name be a FQN (Fully Qualified domain Name,
i.e. at least one dot) that resolves to the IP address of
the mail sender.  In addition, just like for PTR, we don't
accept a helo name that contains the IP, since this doesn't
help to identify you.  The hello name you used,
%(heloname)s, was invalid.

Furthermore, although you have an SPF record for the sending domain
%(sender_domain)s, the result was SOFTFAIL:

Received-SPF: %(spf_result)s

Since you are still testing your SPF configuration, we are accepting
this email anyway, and letting you know about the failure.

We are sending you this message to alert you to someone forging your
domain (if that is the case), or to problems with your email configuration.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
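
Added example, not part of the original post and not the author's code: one way to fill a `%(name)s` template like the one above and wrap it in a notice that is only produced for softfail. The abbreviated template text, the `clean`, `should_send_dsn` and `build_dsn` helpers, the postmaster address, the `Auto-Submitted` header, the null-sender check and the sample values are all assumptions of this sketch.

```python
from email.message import EmailMessage

# Abbreviated copy of the post's template; the %(...)s field names are the post's own.
TEMPLATE = """\
Someone at IP address %(connectip)s sent an email to
%(rcpt)s, claiming to be sent from %(sender)s.
The subject was:

Subject: %(subject)s

Although your domain, %(sender_domain)s, publishes a Sender Policy,
the result in this case was SOFTFAIL:

Received-SPF: %(spf_result)s
"""

def clean(value, limit=200):
    """Flatten control characters so forged input cannot add lines to the notice."""
    text = "".join(c if c.isprintable() else " " for c in str(value))
    return " ".join(text.split())[:limit]

def should_send_dsn(spf_result, sender):
    """Notify only on softfail, and never answer a null (<>) envelope sender."""
    words = spf_result.split()
    return bool(words) and words[0].lower() == "softfail" and sender not in ("", "<>")

def build_dsn(fields, postmaster="postmaster@mx.example.net"):
    """Return (envelope_from, message) or None; postmaster address is an assumption."""
    if not should_send_dsn(fields["spf_result"], fields["sender"]):
        return None
    safe = {key: clean(value) for key, value in fields.items()}
    msg = EmailMessage()
    msg["From"] = postmaster
    msg["To"] = safe["sender"]
    msg["Subject"] = "SPF softfail for mail claiming to be from " + safe["sender_domain"]
    msg["Auto-Submitted"] = "auto-replied"
    msg.set_content(TEMPLATE % safe)
    return "", msg  # empty envelope sender: the notice itself can never bounce back

# Constructed sample values (documentation addresses), not data from the post.
SAMPLE = {"connectip": "192.0.2.10", "rcpt": "alice@example.net",
          "sender": "bob@example.org", "sender_domain": "example.org",
          "subject": "Hello\r\nReceived-SPF: pass",
          "spf_result": "softfail (192.0.2.10 is not designated by example.org)"}

if __name__ == "__main__":
    envelope_from, notice = build_dsn(SAMPLE)
    print(notice.get_content())
```

The sample subject carries an embedded line break to show that the quoted Subject stays on one line in the notice instead of appearing as a second Received-SPF line.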

