spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Re: Qurb SPF plug-in for Outlook and Outlook Express

2005-03-10 18:07:34
from [Linus Upson] [Permanent Link] 
We have exactly the same concerns you expressed, and tried to address
them. One of the reasons we chose to use the term "Not Verified" instead
of something stronger such as "Forged" was because we observed the false
positive rate for SPF to be significantly higher than 1 in 10,000. In
our experience, every user will see a false positive from time to time.

Hopefully we've hit the right balance between "Be suspicious of this
message," and "Don't be too surprised if a good email is marked Not
Verified." When users see "Not Verified" on a message from a friend the
warning tends to be easily ignored. However, when users see "Not
Verified" on a message asking for their credit card number they tend to
be much more cautious.

Linus


-----Original Message-----
From: Frank Ellermann [mailto:nobody(_at_)xyzzy(_dot_)claranet(_dot_)de] 
Sent: Wednesday, March 09, 2005 9:31 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Re: Qurb SPF plug-in for Outlook and Outlook
Express


Linus Upson wrote:
 

Qurb will never throw mail away because of a FAIL


Please try hard to make sure your users understand that SPF is
not really designed for this usage.  For the one false positive
out of 10,000 FAILs rejected at the MX the sender would get a
good bounce and can try to resend his mail on another route.

If an end user was "trained" to delete 9,999 out of 10,000 spam
mails identified by a FAIl (your "not verified"), then he might
also delete the one false positive.
 
There's also a possible race condition if you check SPF behind
the point where it should be checked, but as you said that
could be considered as "poorly configured SPF record".  If you
explain this in a way that all your users reading manuals can
understand, that would be great.

                       Bye, Frank


-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper!  http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your
subscription, 
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Need greeting-card site advice, Stuart D. Gathman
Next by Date:  RE: Re: Qurb SPF plug-in for Outlook and Outlook Express, David MacQuigg
Previous by Thread:  Re: Qurb SPF plug-in for Outlook and Outlook Express, Frank Ellermann
Next by Thread:  RE: Re: Qurb SPF plug-in for Outlook and Outlook Express, David MacQuigg
Indexes:  [Date] [Thread] [Top] [All Lists]