spf-discuss

Re: overall HELO FAIL

2005-05-27 00:42:43
william(at)elan.net wrote:

> For a list that had 0 messages in the last 3 months, 50
> messages in just one day is an interesting change of scenery.

Doug's choice.  I expected it on the SMTP list, but mxcomp is
also okay.

 [HELO vs. MAIL FROM]
> They are not serious problems with a draft, they are problems
> with people not reading the draft and not being properly
> educated on how SPF is supposed to be used.

IBTD.  One very old state was "MAY test HELO" just because it
has to work anyway for an empty MAIL FROM.  That was changed
to "SHOULD test HELO".  That a HELO FAIL is an overall FAIL is
a part of the game, otherwise why "should" you test it first ?

But such stuff has to be communicated, it's really bad if Carl,
Andy, or Terry don't know it.  And it's also bad if the simple
"overall FAIL" is removed, what does this mean ?

The strong point of SPF was always FAIL.  After hard fights
Wayne managed to add PermError for a reliable error handling.

But now it's going backwards in the wrong direction, HELO FAIL
unclear, and PermError is something between NEUTRAL and FAIL,
quite literally a SOFTFAIL at the moment, that's wrong.

> receiver should not be required to test both MAILFROM and
> EHLO

That doesn't reflect "SHOULD test HELO".  You can't have it
both ways at the same time.  It's either MAY and then let the
receiver do with it what he likes, or it's a SHOULD and then
a HELO FAIL is an overall FAIL.

> Get away from receiver policy. A policy should be if you see
> this record this is what it means, what identity it applies
> to and how it's to be used.

"v=spf1 -all" means "never", the identities in classic SPF are
HELO and MAIL FROM, and it's used to reject forgeries.

"v=spf1 =all" means "oops", the identities don't matter, and
it should be reported as "oops" in an SMTP error code.

> receiver should be free to decide to use SPF FAIL as part of
> larger policy system but not directly reject on it if he does
> not want to

Sure, it's unnecessary to say anything with a MUST or a SHOULD
about it, but the normal expected standalone SPF meaning must
be still clear for all parties, senders, publishers, support
desks, MX admins, Carl, Andy, Terry, you, and me.

FAIL is FAIL and oops is oops.  HELO FAIL is not "are you sure
that you wanted to test HELO, how about ignoring it ?".  And an
"oops" is not the most expensive way to emulate a NONE.

                       Bye, Frank
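
The reading argued for in this message, as an added example (not part of the original post and not taken from any SPF draft): HELO is checked first, a HELO FAIL is the overall FAIL, and a malformed record such as "v=spf1 =all" is reported as PermError rather than folded into another result. The function names are hypothetical, the records are the two quoted above, and the evaluator only resolves the `all` mechanism (other valid terms need DNS and are out of scope).

```python
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
ALL = re.compile(r"([+\-~?]?)all", re.IGNORECASE)
# Syntactically valid SPF terms that this sketch does not evaluate.
OTHER = re.compile(
    r"[+\-~?]?(a|mx|ptr|ip4|ip6|include|exists)([:/].*)?|[a-z][\w.-]*=.*",
    re.IGNORECASE,
)


def eval_record(record):
    """Return the SPF result for a record whose only mechanism is `all`."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # not an SPF record
    # A syntax error anywhere makes the whole record a PermError ("oops").
    for term in terms[1:]:
        if not (ALL.fullmatch(term) or OTHER.fullmatch(term)):
            return "permerror"
    for term in terms[1:]:
        m = ALL.fullmatch(term)
        if m:
            return QUALIFIERS[m.group(1) or "+"]
        raise NotImplementedError(f"term needs DNS, not handled here: {term}")
    return "neutral"                        # no mechanism matched


def overall(helo_record, mailfrom_record):
    """Check HELO first; a FAIL or PermError there is the overall result.

    Each argument is the record published for that identity's domain,
    or None if the domain publishes nothing. Returns (identity, result).
    """
    result = "none"
    for identity, record in (("HELO", helo_record),
                             ("MAIL FROM", mailfrom_record)):
        result = eval_record(record) if record else "none"
        if result in ("fail", "permerror"):
            return identity, result         # conclusive, stop here
    return "MAIL FROM", result


if __name__ == "__main__":
    # Constructed inputs: the HELO domain says "never", MAIL FROM says pass.
    print(overall("v=spf1 -all", "v=spf1 +all"))
    print(overall("v=spf1 =all", None))
```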


