spf-discuss

Re: overall HELO FAIL

2005-05-27 05:02:07

Frank Ellermann wrote:
> That's messy.  Senders need a clear understanding of the
> SPF matrix:
> [...]
>
> The "receiver policy" mantra has its limits.  E.g. if folks like Carl
> Hutzler, Andy Newton, Terry Fielder, etc., who normally know "how stuff
> works" are confused, then the next draft should make this as clear as
> possible.

Perhaps we should instead make it clear in the spec why mandating receiver 
policy is mostly pointless.

> IMHO "no receiver policy" stands for "no funny MUST or SHOULD".
>
> It doesn't stand for "do what you like, maybe try a random generator".

Oh, come on.  Do you really think receivers are too dumb to figure out what 
reactions to the individual results of HELO and MAIL FROM checks are most 
appropriate _for_them_?

The point of SPF isn't rejecting mail (in which case receivers would indeed 
have to know precisely when to reject), it is about ascertaining whether 
the use of identities in mail is authorized.

To sum it up:

Receivers will have different views on whether the HELO result should 
dominate the MAIL FROM result or vice versa.  I agree that the individual 
result codes have to be defined as clearly as possible, but I don't see 
the value of defining an "overall result" based on the individual results 
of HELO and MAIL FROM checks.  It may satisfy those who think that 
receivers relating the individual results in different, non-standardized 
ways is harmful, but I have yet to see a clear justification for this 
belief.

