On Tue, 17 May 2005, Hector Santos wrote:

> For me, it is either a NONE, PASS or a FAIL and under a "Time Limited"
> concept, a relaxed result.

NEUTRAL (mostly)== NONE. The only relaxed result is SOFTFAIL.
The point of NEUTRAL is that when you haven't completely secured
your network, you can still provide PASS/FAIL results for IPs inside
your secured network, and outside your network altogether. Having
some PASS/FAIL results is better than none at all.
SOFTFAIL is a relaxed result, and should be time limited. I handle
SOFTFAIL by sending a DSN to the purported sender. If there is
a mistake in their SPF record or mail config, the DSN helps them
fix it. If it is a forgery, then the DSN nags them to work on
eliminating the SOFTFAIL - if they don't accept the DSN, I don't
accept the email (kind of a conditional CBV). It is a real DSN
(null sender) so that if the alleged domain signs localparts (SES/SRS),
then forgeries are immediately detected.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
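As an added illustration of the result semantics discussed in this thread (this is example code written for this page, not code from the original mail or from its author), the following toy SPF evaluator handles only the ip4/ip6/all mechanisms with their +, -, ~ and ? qualifiers, and a policy function maps each result to an action along the lines described above. The sample record is constructed to show the "partially secured network" case: PASS for the secured mail servers, NEUTRAL for the rest of the operator's own range, FAIL for everything outside it. The DSN callback to the purported sender is represented by a stand-in callable (assumption) rather than a real SMTP exchange, so the block runs offline; the addresses are documentation ranges chosen here.

```python
import ipaddress
from typing import Callable

# Qualifier prefix -> SPF result name.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, client_ip: str) -> str:
    """Evaluate a minimal SPF record (ip4/ip6/all mechanisms only) for client_ip.

    Returns one of: none, pass, fail, softfail, neutral, permerror.
    'none' means no SPF record was published at all. Macros, include, a, mx,
    ptr and exists are deliberately unsupported in this toy evaluator.
    """
    if not record or not record.lower().startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            raise ValueError(f"unsupported mechanism in this toy evaluator: {mech}")
    # No mechanism matched and no 'all' term: the default result is neutral.
    return "neutral"


def decide(spf_result: str, dsn_accepted: Callable[[], bool]) -> str:
    """Map an SPF result to a receiver action, following the policy in the mail.

    dsn_accepted is a stand-in (assumption) for the real check: send a
    null-sender DSN to the purported sender and report whether their MX took it.
    """
    if spf_result == "pass":
        return "accept"
    if spf_result == "fail":
        return "reject"
    if spf_result == "softfail":
        # Relaxed result: nag the purported sender with a DSN; if they will not
        # accept the DSN, refuse the message (conditional callback verification).
        return "accept" if dsn_accepted() else "reject"
    # none and neutral carry no usable information and are treated alike;
    # permerror is lumped in here as well (assumption, not stated in the mail).
    return "no-spf-information"


# Constructed sample: /28 of secured mail servers, ?all-style neutral for the
# rest of the operator's /24, hard fail for everything outside the network.
PARTIAL_RECORD = "v=spf1 ip4:203.0.113.0/28 ?ip4:203.0.113.0/24 -all"
SOFTFAIL_RECORD = "v=spf1 ip4:203.0.113.0/28 ~all"


def demo() -> dict:
    """Evaluate a few constructed client IPs against the sample records."""
    return {
        "secured_server": evaluate_spf(PARTIAL_RECORD, "203.0.113.5"),
        "unsecured_host": evaluate_spf(PARTIAL_RECORD, "203.0.113.200"),
        "outside_network": evaluate_spf(PARTIAL_RECORD, "198.51.100.7"),
        "relaxed_outside": evaluate_spf(SOFTFAIL_RECORD, "198.51.100.7"),
        "no_record": evaluate_spf("", "198.51.100.7"),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        action = decide(result, lambda: False)  # stand-in: DSN not accepted
        print(f"{label:16s} {result:9s} -> {action}")
```

The NEUTRAL row shows why it is "mostly == NONE": the record asserts nothing about that host, so the receiver falls back to its other checks, while the SOFTFAIL row is the only one where the outcome depends on the purported sender accepting the DSN.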