spf-discuss

Re: Request for Input on the meaning of "pass".

2005-06-02 10:55:28
On Thu, Jun 02, 2005 at 01:33:54PM -0400, Terry Fielder wrote:

> For me (but not for vanity domains) it also asserts that the email is
> authentic (because I trust my MTA's).
> But it certainly does not for my personal vanity domain and other users
> of outsourced MTA's.

I would suggest changing your spf records such that your mailfroms
sent from those outsourced machines that you don't fully trust
return neutral instead of pass for now.

Please don't let the fact that few ESPs other than pobox offer
cross-user forgery protections.

I see no use as a receiver in seeing a response of pass that doesn't
imply full confidence.

> Therefore my vote is #2: "authorized"

IMHO if the spec is written to have the #2 meaning, then the meaning of
PASS will become less useful as more ESPs get a clue and advertise
prevention of cross-customer forgery as a feature.

But if the spec is written to have the #1 meaning, not only can PASS be
safely used now in a number of cases, (especially for places like ebay
where it's more important), its meaning will still be useful when
prevention of cross-user forgery is as common as prevention of open
relaying is now.

(As an amusing side note, technically only the sending MTA can really
assign meaning to mailfrom.  Example.com could have user@example.com's
first mailfrom be a001@example.com, the second one a002@example.com,
etc.  It just happens that today mailfroms mostly sort of resemble the
submitter's email address, but that's not necessarily always going to be
the case.  So, considering all the past discussion on this issue, (such as
the previous discussion of softpass), I think it's sort of funny that
technically the most we can really ever proceed with confidence with is
an identity that is technically inherently opaque to begin with.  :-) )

As another side note--wasn't this decided a year ago during the pass vs.
softpass vs. hardpass debates that pass would be a strict pass?

-- 
Mark Shewmaker
mark(_at_)primefactor(_dot_)com