spf-discuss

Re: For SPF Council review - PASS Definition - was: People keep misunderstanding what "Pass" and "Neutral" mean

2005-05-17 13:15:29
On Tue, 17 May 2005, Scott Kitterman wrote:

a.  2.5.3.  Pass

   A "Pass" result means that the client is authorized to inject mail
   with the given identity.  Further determination is required to 
   find out if the message is authentic before policy checks, such as 
   reputation, or black and/or white listing, can proceed.

b.  2.5.3.  Pass

   A "Pass" result means that the client is authorized to inject mail
   with the given identity and that the message may be treated as
   authentic.  Further policy checks, such as reputation, or black 
   and/or white listing, can now proceed with confidence in the 
   identity.

Excellent clarification.

Option a lets shared MTA users say PASS instead of NEUTRAL.  It also makes it
pretty well impossible to get beyond anti-forgery and into anti-spam with
SPF.

Option b means shared MTA users subject to cross-customer forgery ought not
use PASS, but that SPF can be used as a leverage into domain based
reputation.

PASS is meaningless unless it is option b - so that is the only option
I can support.  A NEUTRAL result already gives you the equivalent of option a.
This is consistent with NONE, because having no SPF record means that you have
authorized the entire internet to send your mail.

Primary results:
FAIL            - not authorized and definitely not authentic
NEUTRAL/NONE    - authorized, but not necessarily authentic
PASS            - authorized and authentic to the best of our ability

Relaxed result:
SOFTFAIL        - give us a break, mail configuration is hard

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
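The result table above, worked through in code as an added example that is not part of this thread or of any SPF implementation: a deliberately minimal SPF evaluator (it understands only `ip4`/`ip6` mechanisms and `all`, which is enough to produce every result named in the post) run against constructed records for hypothetical domains, followed by a receiver-side mapping that applies the option (b) reading, where only PASS feeds the sender identity into domain reputation and NEUTRAL/NONE are "authorized but not authentic". The domain names, addresses and the shape of the returned policy dictionary are assumptions made for the example.

```python
import ipaddress

# Constructed sample SPF records (assumption: not real domains or real records).
# "norecord.example" is deliberately absent so that a lookup yields NONE.
SAMPLE_RECORDS = {
    "strict.example":  "v=spf1 ip4:192.0.2.0/24 -all",   # authorized range, hard fail otherwise
    "soft.example":    "v=spf1 ip4:198.51.100.10 ~all",  # relaxed: softfail otherwise
    "neutral.example": "v=spf1 ip4:203.0.113.0/24 ?all", # e.g. a shared MTA customer: neutral otherwise
}

# Qualifier prefix on a mechanism -> SPF result when that mechanism matches.
QUALIFIERS = {"+": "PASS", "-": "FAIL", "~": "SOFTFAIL", "?": "NEUTRAL"}


def check_spf(domain, client_ip, records=SAMPLE_RECORDS):
    """Evaluate the SPF record for `domain` against `client_ip`.

    Only ip4/ip6 and all are implemented (assumption: enough to illustrate the
    result semantics; a/mx/include/exists/ptr would need DNS and are skipped).
    """
    record = records.get(domain)
    if record is None:
        return "NONE"                      # no record published at all
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "NONE"                      # not an SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # unqualified mechanisms mean PASS on match
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]   # 'all' always matches; its qualifier is the default
        if mech in ("ip4", "ip6"):
            # ip_network() of a bare address is a /32 or /128; a v4/v6 mismatch never matches.
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        # any other mechanism: unsupported here, treated as non-matching
    return "NEUTRAL"                       # no mechanism matched: SPF's default result


def receiver_policy(result, identity):
    """Map an SPF result to what a receiver may conclude, per the option (b) reading.

    authorized: was the client allowed to inject mail with this identity?
    authentic:  may the message be treated as genuinely from that identity?
    reputation_identity: the domain a reputation or listing check may key on, or None.
    """
    if result == "PASS":
        # authorized and authentic: safe to proceed to domain-based reputation
        return {"authorized": True, "authentic": True, "reputation_identity": identity,
                "action": "proceed with domain reputation / listing checks"}
    if result in ("NEUTRAL", "NONE"):
        # authorized (or the whole internet is), but nothing says it is authentic
        return {"authorized": True, "authentic": False, "reputation_identity": None,
                "action": "treat as unauthenticated; no domain-based reputation"}
    if result == "FAIL":
        # not authorized and definitely not authentic
        return {"authorized": False, "authentic": False, "reputation_identity": None,
                "action": "reject or quarantine"}
    if result == "SOFTFAIL":
        # relaxed failure: the domain asked for leniency, so mark rather than reject
        return {"authorized": False, "authentic": False, "reputation_identity": None,
                "action": "accept but mark; give no reputation credit"}
    raise ValueError("unknown SPF result: %r" % result)


def evaluate(domain, client_ip, records=SAMPLE_RECORDS):
    """Convenience wrapper: run the check and the receiver mapping together."""
    result = check_spf(domain, client_ip, records)
    policy = receiver_policy(result, domain)
    policy["result"] = result
    return policy


if __name__ == "__main__":
    # Constructed sample connections, one per result in the post's table.
    for dom, ip in [("strict.example", "192.0.2.7"), ("strict.example", "10.0.0.1"),
                    ("soft.example", "10.0.0.1"), ("neutral.example", "10.0.0.1"),
                    ("norecord.example", "10.0.0.1")]:
        print(dom, ip, evaluate(dom, ip))
```

The point the table in the post makes shows up in the `reputation_identity` field: NEUTRAL and NONE are not failures, but they never hand a domain to the reputation stage, which is exactly why a shared-MTA customer publishing `?all` loses nothing under option (b) while a customer publishing an unqualified PASS for a shared range would be vouching for its neighbours' mail.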

