spf-discuss

RE: Standard Authentication Query

2005-03-30 09:21:05
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Todd Herr
Sent: Wednesday, March 30, 2005 11:02 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Standard Authentication Query
snip

All that aside, the ~all bit in our SPF record means "SPF
Neutral", as I understand it.  This means, as I understand
things, that Road Runner neither confirms nor denies that a
given IP not explicitly mentioned in our SPF record can be a
legitimate source of mail from Road Runner.  The receiving
domain doing the SPF checking can either accept or reject email
from an IP not explicitly mentioned in our SPF record, and both
decisions would be correct, as I understand things.
snip

?all = neutral
~all = softfail

From http://www.ietf.org/internet-drafts/draft-schlitt-spf-classic-00.txt

2.5.2  Neutral

   The domain owner has explicitly stated that doesn't know whether the
   IP is authorized or not.  A Neutral result MUST be treated exactly
   like the None result.

i.e. do the same thing you would do if there was no SPF record.

2.5.5  SoftFail

   A SoftFail result should be treated as somewhere between a Fail and a
   Neutral.  The domain believes the host isn't authorized but isn't
   willing to make that strong of a statement.  Receiving software
   SHOULD NOT reject the message based on this result, but MAY subject
   the message to closer scrutiny.

   Since the domain has discouraged the use of this host, receivers MAY
   try to inform either the sender or the recipient of the e-mail.  As
   examples, the recipient's MUA could highlight the SoftFail status.
   Or the MTA could give the sender a message using a technique called
   "greylisting" where by the MTA can issue an SMTP reply code of 451
   (4.3.0 DSN code) with a note the first time the message was received,
   but accept it the second time.

Based on the latest draft, they should not reject either, but particularly in
the case of a SoftFail, may do some extra processing on it.  It sounds to me
like what is in your current record (SoftFail) is actually what you want.

Scott Kitterman
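
The qualifier mapping and the receiver handling quoted from the draft above, as an added example that is not part of the original message. It evaluates only `ip4:`, `ip6:` and `all` terms; the record, the addresses, the function names and the returned action labels are constructed for illustration.

```python
import ipaddress

# "?" and "~" are the two qualifiers discussed above; "+" (implicit default)
# and "-" are the other two SPF qualifiers.
QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}

RECORD = "v=spf1 ip4:192.0.2.0/24 ~all"   # constructed sample record


def check_host(record, client_ip):
    """Evaluate an SPF record restricted to ip4:, ip6: and all terms."""
    terms = (record or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "None"                       # no SPF record published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        else:
            qualifier, mech = "+", term
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            raise ValueError("term not handled in this example: " + term)
        net = ipaddress.ip_network(arg, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "Neutral"                        # nothing matched: SPF default result


def receiver_action(result, greylist=False, seen_before=False):
    """Receiver handling for the two results quoted from the draft."""
    if result in ("Neutral", "None"):
        return "treat-as-no-record"         # 2.5.2: Neutral handled exactly like None
    if result == "SoftFail":
        # 2.5.5: SHOULD NOT reject; MAY scrutinize, or greylist the first attempt
        if greylist and not seen_before:
            return "451 4.3.0 try again later"
        return "accept-with-scrutiny"
    return "outside-quoted-sections"        # Pass / Fail are not covered above
```

With the sample record, an address outside 192.0.2.0/24 yields SoftFail; changing `~all` to `?all` yields Neutral, which the receiver then handles the same way as a domain with no record.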