spf-discuss

Re: Re: People keep misunderstanding what "Pass" and "Neutral" mean

2005-05-22 02:07:07
wayne wrote:

In <428F0618(_dot_)3040002(_at_)de-korte(_dot_)org> Arjen de Korte 
<arjen(_at_)de-korte(_dot_)org> writes:

wayne wrote:

I agree that SA shouldn't score None, Neutral or the error conditions,
Like it or not, but as long as it tells you something about the
probability that a message can be classified as either ham or spam,
*anything* goes. Including SPF 'none', 'neutral' or whatever kind of
error condition you can think of.

Yes, you have every right to do whatever you want with your machine,
but senders have every right to do whatever they want with their SPF
records.  If publishing SPF records that result in Neutral causes
their email to be more likely to be rejected, then I think a lot of
domain owners will simply stop publishing SPF records.

By punishing domain owners for having SPF records that can return
Neutral, you may get a short term gain in spam filtering, but you are
hurting us all in the long term.

Considering all the cases that are allowed to return None, Neutral, or Unknown... one begins to wonder what the value is of having SPF records about which one can't realistically assert anything. As a matter of receiver policy, I gather (at least for spfv1) the only result I can really feel safe in rejecting is Fail. To do anything else would unnecessarily block mail from domains who are conservative in their SPF policies, and thus hinder adoption of SPF. Great... but in the foreseeable future this suggests that SPF doesn't necessarily do me much good as an operator either. In fact, all a spammer has to do in order to avoid any backlash from SPF is to either not publish a record or create a situation where the ruleset can't be evaluated (resulting in an unusable none, neutral, or unknown result).

I'm very hopeful that SPF will really help the cause of forming trust relationships between senders and MTAs that receivers can actually use to assert the trust level of a sender. I understand the desire to foster adoption and reduce pain of implementation. But if it doesn't have any teeth or enable us to actually assert anything, except in the corner cases of an absolute "pass" or "fail", then is its value diminished?

And just to be clear... I'm not seeking to incite a riot here. ;-) I'm just offering some candid feedback based on my impressions of reading the discussion here in just the last few days.

Bill
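
The receiver policy discussed in this message, as an added example that is not part of the original post or of any SPF implementation: a reduced evaluator (only the `ip4`, `ip6` and `all` mechanisms, no DNS) run against constructed records, followed by the "reject only on Fail" rule. Assumptions: the domains, records and addresses are constructed, result names follow RFC 7208, and the post's "Unknown" is represented here by `permerror`.

```python
import ipaddress

# Constructed records standing in for DNS TXT lookups (example domains and addresses).
RECORDS = {
    "strict.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "cautious.example": "v=spf1 ip4:192.0.2.0/24 ?all",
    "broken.example": "v=spf1 ip4:192.0.2.0/24 frobnicate -all",
}  # "norecord.example" deliberately publishes nothing
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse(record):
    """Return [(result_if_matched, network_or_None)], or None on any syntax error."""
    terms = []
    for term in record.split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, value = mech.lower().partition(":")
        if name == "all" and not value:
            terms.append((QUALIFIERS[qualifier], None))
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return None
            if net.version != int(name[2]):
                return None
            terms.append((QUALIFIERS[qualifier], net))
        else:
            return None  # mechanisms and modifiers outside this example's subset
    return terms

def check_host(ip, domain, records=RECORDS):
    record = records.get(domain, "")
    if record.lower().split()[:1] != ["v=spf1"]:
        return "none"
    terms = parse(record)
    if terms is None:
        return "permerror"  # whole record unusable, even if an earlier term would match
    addr = ipaddress.ip_address(ip)
    for result, net in terms:
        if net is None or (addr.version == net.version and addr in net):
            return result
    return "neutral"  # nothing matched: default result

def receiver_action(result):
    # Policy described in the post: only Fail is safe to reject on.
    return "reject" if result == "fail" else "accept"

def survey(ip):
    domains = list(RECORDS) + ["norecord.example"]
    return {d: (check_host(ip, d), receiver_action(check_host(ip, d))) for d in domains}
```

Calling `survey("198.51.100.7")`, an address none of the records authorize, shows only the `-all` domain producing a rejectable result; the other three land in the results the message calls unusable.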