spf-discuss

Re: Time to start rejecting on neutral?

2005-05-17 12:19:20

Hector Santos wrote:


> No, I accept that it might be needed, but I strongly feel it only makes sense
> on a time-limited basis.

You make a good case for this. However, I suspect that as spammers take
more advantage of the weak results it will put more pressure on domains
to cover as much as possible with strong results.

Most private domains can already do a:example.com -all
or more restrictive records with little effort. Hosted domains
can get by with ?a:hosting.domain -all or similar for now, but
hosting services that don't take some measures against cross
user forgery will start seeing people leave for self-hosting
or providers that do provide protection.

There is a lot of discussion here about more difficult cases, but they
are the exception rather than the rule. They are significantly more
interesting by nature, and in most cases the domain owners have a lot at
stake, but I haven't yet seen an example where I would say that SPF
isn't usable.


> As far as I am concerned, if a domain is relaxed, it was a worthless lookup as
> far as the SPF server is concerned. It doesn't check any further
> authentication concepts for systems that have more than one. For these
> types of systems, they may be able to trap the malicious transaction using
> other means. But for a system just using SPF, their system would be
> overburdened.

If a domain _only_ provides relaxed results it is pretty useless.
Even so, AOL's +/? record allows for some determination (I think that
they could probably go +/~, but I don't have to support their network
so I could be wrong). Domains that provide ?/- allow for rejects even
when they have to rely on dodgy servers for their outbound mail.

As the saying goes, don't let the perfect be the enemy of the good.

Relaxed results can get people using the system, and with other tools
(MIMEDefang, Bayesian filtering, etc.) can be useful in any event.

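The record shapes discussed in this message (strong `a:example.com -all`, hosted `?a:hosting.domain -all`, and a +/? style record), as an added example that is not part of the original post: a Python evaluator for a subset of SPF (`a`, `ip4`, `all`) showing which shapes ever give a receiver a `fail` to reject on. The `A_RECORDS` table, the IP addresses, the `v=spf1` prefixes, the +/? record and all function names are assumptions standing in for DNS and a real SPF library.

```python
import ipaddress

# Constructed stand-in for DNS A lookups so the example runs offline.
A_RECORDS = {
    "example.com": ["192.0.2.10"],
    "hosting.domain": ["198.51.100.25"],
}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(record, sender_ip, domain):
    """Evaluate a subset of SPF (a, ip4, all) left to right; first match wins."""
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:              # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in RESULTS else "+"   # default is "+"
        mech = term[1:] if term[0] in RESULTS else term
        name, _, arg = mech.partition(":")
        if name == "all":
            return RESULTS[qualifier]
        if name == "a":
            hosts = A_RECORDS.get(arg or domain, [])
            if any(ip == ipaddress.ip_address(h) for h in hosts):
                return RESULTS[qualifier]
        elif name == "ip4":
            if ip in ipaddress.ip_network(arg, strict=False):
                return RESULTS[qualifier]
    return "neutral"                             # no mechanism matched


def profile(record, domain, probes):
    """Set of results a record can yield across the probe sender IPs."""
    return {check_host(record, p, domain) for p in probes}


def rejectable(record, domain, probes):
    """True if some sender gets a strong 'fail' that a receiver can reject on."""
    return "fail" in profile(record, domain, probes)


# Constructed probe senders: the domain's own host, the shared hosting
# server, and an unrelated address.
PROBES = ["192.0.2.10", "198.51.100.25", "203.0.113.7"]
STRONG = "v=spf1 a:example.com -all"
HOSTED = "v=spf1 ?a:hosting.domain -all"         # the ?/- shape
RELAXED = "v=spf1 ip4:192.0.2.0/24 ?all"         # a +/? shape (constructed)
```

With these inputs the hosted ?/- record stays neutral only for the shared server and fails everything else, while the +/? record never produces a result a receiver could reject on.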

