spf-discuss

Re: softfail DSN

2005-02-27 02:57:07
Stuart - you could well be onto something good here.  DSN's for spf TXT
records saying anything other than " -all" would help everyone get spf
records right.  Lots of people are testing the waters with ?all ~all and
+all so if you don't mind the traffic - I'd put your auto-DSN email address
in spfhelp to provide the essential information for record publishers.


We just need someone to provide apt-get -able packages for debian/postfix
:-/


Slainte,

JohnP.
johnp(_at_)idimo(_dot_)com
ICQ 313355492
YahooIM j_pinx
AIM johnpinx
Skype johnpinx



----- Original Message -----
From: "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Saturday, February 26, 2005 7:36 PM
Subject: [spf-discuss] softfail DSN


I have now added a softfail DSN.  I am monitoring this carefully, because
I don't want anyone to think that publishing SPF is going to increase
their backscatter spam.  So far, however, no one has actually gotten
one of these, because all of the domains returning softfail seem to also
have some sort of DSN filtering in place (causing me to reject the
message).  This is probably because if they are smart enough to deploy
SPF, they are smart enough to understand the need for and perhaps deploy
SRS or SES or outgoing return-path tracking.

Why send a DSN for softfail?  Well, putting myself in the sender's shoes,
when it is used for testing an SPF configuration, it is nice to get
feedback about how it is working.  It is especially nice to get the feedback
when legit mail gets SOFTFAIL because I missed a mail server in the
SPF record.  It is trivial to ignore the DSNs from actual forgeries if
I also deploy SRS or SES - and so far, everyone else has done the same.

Anyway, here is the template:

Someone at IP address %(connectip)s sent an email to
%(rcpt)s, claiming to be sent from %(sender)s.
The subject was:

Subject: %(subject)s

If that wasn't you, then your domain, %(sender_domain)s,
was forged.  Although your domain publishes a Sender Policy,
the result in this case was SOFTFAIL, so we have accepted
the message in case there was a mistake.

If it *was* you that sent the email, then your email or
SPF configuration still needs work.  If you don't know anything
about mail servers, then pass this on to your SMTP (mail)
server administrator.

There was no PTR record for its IP address (PTR names
that contain the IP address don't count).  RFC2821 requires
that your hello name be a FQN (Fully Qualified domain Name,
i.e. at least one dot) that resolves to the IP address of
the mail sender.  In addition, just like for PTR, we don't
accept a helo name that contains the IP, since this doesn't
help to identify you.  The hello name you used,
%(heloname)s, was invalid.

Furthermore, although you have an SPF record for the sending domain
%(sender_domain)s, the result was SOFTFAIL:

Received-SPF: %(spf_result)s

Since you are still testing your SPF configuration, we are accepting
this email anyway, and letting you know about the failure.

We are sending you this message to alert you to someone forging your
domain (if that is the case), or to problems with your email
configuration.

--
      Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
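
An added example, not Stuart's code or part of the original message: a sketch of filling the template's `%(name)s` fields and applying the "helo name that contains the IP" rule it describes. The function names, the octet-matching heuristic, the IPv4-only handling and the CR/LF stripping are assumptions made here; the DNS check that the name resolves to the sender's IP is left out so the code runs offline.

```python
import ipaddress
import re

# Two parts of the DSN template from the message, shortened; field names are the page's.
BASE = ("Someone at IP address %(connectip)s sent an email to\n"
        "%(rcpt)s, claiming to be sent from %(sender)s.\n"
        "The subject was:\n\nSubject: %(subject)s\n\n"
        "Received-SPF: %(spf_result)s\n")
HELO_PART = "\nThe hello name you used,\n%(heloname)s, was invalid.\n"

def name_contains_ip(name, ip):
    """Heuristic (assumption): IPv4 octets appear in the name, forward or reversed."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    groups = [str(int(g)) for g in re.findall(r"\d+", name)]
    def has_run(seq):
        return any(groups[i:i + 4] == seq for i in range(len(groups) - 3))
    padded = "".join(o.zfill(3) for o in octets)  # e.g. host192000002055
    return has_run(octets) or has_run(octets[::-1]) or padded in name

def helo_is_valid(helo, ip):
    """At least one dot, not an address literal, and not built from the client IP."""
    helo = helo.strip().rstrip(".")
    if "." not in helo or helo.startswith("["):
        return False
    try:
        ipaddress.ip_address(helo)
        return False  # a bare IP address given as the HELO name
    except ValueError:
        return not name_contains_ip(helo, ip)

def one_line(value):
    """Collapse CR/LF so sender-chosen fields cannot add lines to the DSN text."""
    return re.sub(r"[\r\n]+", " ", str(value)).strip()

def render_softfail_dsn(fields):
    safe = {k: one_line(v) for k, v in fields.items()}
    body = BASE % safe
    if not helo_is_valid(safe["heloname"], safe["connectip"]):
        body += HELO_PART % safe  # paragraph added only for a bad HELO (assumption)
    return body

# Constructed sample values (documentation ranges and domains), not real traffic.
SAMPLE = {"connectip": "192.0.2.55", "rcpt": "user@example.org",
          "sender": "test@example.com", "heloname": "adsl-192-0-2-55.example.net",
          "subject": "Hi\r\nReceived-SPF: pass", "spf_result": "softfail"}

if __name__ == "__main__":
    print(render_softfail_dsn(SAMPLE))
```

The subject line is taken from a message that may be forged, which is why every field is flattened to one line before it is placed in the notice.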
