Scott Kitterman wrote:
> I do think that rejecting mail from domains with problematic
> records is draconian

There's no viable alternative, look at it from the POV of a
receiver. The only SPF result a receiver is interested in is
a FAIL (or maybe the greylisting SOFTFAIL). Other results
are strictly irrelevant from the POV of a MX.
Now with an erroneous sender policy the MX wasted time and got
nothing for its efforts, only a syntax error. Useless DNS
queries, delays, server load, for *n* *o* *t* *h* *i* *n* *g*
If the reason was a stupid typo or a user unable to count to
10, then that's net abuse. Tolerance with net abuse is not
exactly what SPF is about. SPF is meant to fight net abuse.

> and there are softer methods available.

Most definitely, SPF validators and wizards should support
creating valid SPF policies. And counting to ten is no rocket
science, two hands with all digits are good enough.
Publishing a bogus SPF policy is like publishing a bogus MX.
Shit happens, Murphy rulez, let them just fix it.

Bye, Frank