On Wed, May 18, 2005 at 10:46:40PM +0100, Chris Haynes wrote:
I'm suggesting that publishing PASS against an IP is making _both_
declarations
at the same time:
1) The domain sends messages via this IP
Not necessarily true. For instance, a known forwarder could
also send messages using the domain's name. If the policy is
to allow this (for now, or for ever) then this is something
else but still valid.
Suggestion: 1) The domain's name is used from this IP
AND
2) The IP is trusted not to send forgeries
Agree.
NEUTRAL is making only the first of these two declarations.
Agree.
PASS means the IP is totally trustworthy from an SPF point of view.
There are people, like me, that parse "totally" as "totally".
My brain is wired to think: well, then I should never ever
see a PASS because nothing in life is sure, except death.
Yes, I know, "...from an SPF point of view." I just don't get
that far while reading. And it is a fuzzy statement.
"The IP is trusted not to send forgeries"
is a much more elegant statement IMHO. It does imply
this host is allowed to send, or else it wouldn't be
specifically mentioned at all.
So:
PASS: We do trust this IP not to send forgeries (and do use it)
NEUTRAL: We don't trust this IP but it is allowed to use our name
SOFTFAIL: We don't trust this IP but some of us may (still) be
using it by mistake. Please give us some slack and do
notify us of any usage if you like
FAIL: We don't trust nor use this IP. Please don't bother us
with DSNs, auto-replies, vacation messages and the like.
Alex