On Tue, May 17, 2005 at 10:08:36AM -0400, Stuart D. Gathman wrote:
> SOFTFAIL is a relaxed result, and should be time limited. I handle
> SOFTFAIL by sending a DSN to the purported sender. If there is
> a mistake in their SPF record or mail config, the DSN helps them
> fix it. If it is a forgery, then the DSN nags them to work on
> eliminating the SOFTFAIL - if they don't accept the DSN, I don't
> accept the email (kind of a conditional CBV). It is a real DSN
> (null sender) so that if the alleged domain signs localparts (SES/SRS),
> then forgeries are immediately detected.

Should the spec explicitly bless this behavior in any way, perhaps by
obliquely mentioning that in publishing a softfail result, a domain
owner is effectively soliciting these sorts of helpful, well-behaved
DSNs?
--
Mark Shewmaker
mark(_at_)primefactor(_dot_)com