Julian Mehnle schreef:
[...] the scores for a SPF 'neutral' are set to a virtually non-scoring
0.001 points by default in this patch. Unless someone actually changes
it from the defaults, I don't believe the patch as it is will cause any
message to be rejected.
So then what's the point of that SA rule in the first place?
That's an open door. To allow people to add points? There are many more
rules in SA which are set to very low values (0.001) or even disabled by
default (set to '0'). People reading the documentation find that they
can change them if they want, while others that install the stuff 'as
is' will not be bitten by them. I considered scoring on SPF 'neutral'
results controversial enough to award it a low score by default. By
doing so it shows up in the list of rules that hit, but will not have
any real influence on the result without adding a custom score for them.
People awarding more than a fractional amount of points in this case are
probably the same that actually considered SMTP rejecting on SPF
'neutral', so we're not loosing anything here.
Still, a part of the comments in the rule's definition reads:
# "Neutral" can be pretty bad too (if the domain owner doesn't want
# to be responsible, who will?)
"Pretty bad", right? ;-)
Right. It can be pretty bad, it doesn't necessarily mean it *is* bad. At
the time of writing that patch (almost a year ago) it was not clear if
the domains publishing '?all' were going to be forged frequently or not.
That's why I wrote *can* be pretty bad. If that wording is too strong,
that's probably due to my poor command of the English language (as a
non-native speaker).
Arjen