spf-discuss

Re: Request for Input on the meaning of "pass".

2005-06-02 18:36:30
"wayne" replied:


In <05c201c567d6$4f312410$0600000a(_at_)john> "Chris Haynes" <chris(_at_)harvington(_dot_)org(_dot_)uk> writes:

Actually, I also disagree with the phrase: 'the distinction exists
only for informational purposes' in the Neutral result.

The Neutral policy is a necessary construct when used in association
with e.g. "-all". It narrows down the possible source of forgeries
from the entire Internet (which is the situation with "None") to just
the identified MTA.  This distinction is surely far more than
'Informational', and Neutral is _essential_ in constructs such as
this.  Just delete the clause after the semicolon if you agree with me.

Your definition of Neutral sounds more like what I remember people
asking for as a SoftPass.

I think it is critical that Senders have a way of expressing a policy
that says "treat this as if I didn't have a policy".  This allows
people to test the deployment of SPF records with things such as:

     v=spf1 exists:_h.%{h}._l.%{l}._o.%{o}._i.%{i}._spf.%{d} ?all

They can then start adding known Pass and Fail cases to the front and
continue to narrow down their record.  It isn't just the case that an
IP address marked as Neutral could send other email, but much of the
time the domain owner just hasn't done enough research to prove
whether the IP address either does, or does not send email for their
domain.


Anyway, I really don't think we want to get into changing Neutral to
be anything other than an alias for None.


You seem to be suggesting above that Neutral is an alias for None.

Consider the following scenario:

1) There is a 'vanity' domain. All its mail is sent via the MX servers of its MSP 'example.com'.
2) The MSP's MX servers do not prevent cross-customer forgery.
3) Anything from anywhere else on the internet was certainly not authorised by the vanity domain.

What policy _would_ you recommend in the above scenario?

Chris
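
An added example, not part of the original message: a minimal expander for the SPF macros used in the test record quoted above, showing the DNS name a receiver would look up for one transaction before falling through to "?all". The transaction values are constructed, the function names are hypothetical, and only lowercase macro letters are handled.

```python
import ipaddress
import re

# One macro-expand token: %{letter digits r delimiters}, or the escapes %%, %_, %-
MACRO = re.compile(r"%(?:\{([slodihv])(\d*)(r?)([.\-+,/_=]*)\}|([%_-]))")
ESCAPES = {"%": "%", "_": " ", "-": "%20"}

def macro_values(ip, sender, helo, domain):
    """Build the macro letter table for one SMTP transaction."""
    addr = ipaddress.ip_address(ip)
    local, _, sender_domain = sender.rpartition("@")
    local = local or "postmaster"  # no local-part: SPF substitutes postmaster
    if addr.version == 4:
        i, v = str(addr), "in-addr"
    else:  # IPv6 expands to dot-separated nibbles
        i, v = ".".join(addr.exploded.replace(":", "")), "ip6"
    return {"s": f"{local}@{sender_domain}", "l": local, "o": sender_domain,
            "d": domain, "i": i, "h": helo, "v": v}

def expand(spec, values):
    """Expand SPF macros in a domain-spec (lowercase macro letters only)."""
    def one(m):
        letter, digits, rev, delims, esc = m.groups()
        if esc:
            return ESCAPES[esc]
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if rev:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]  # keep the right-most N labels
        return ".".join(parts)
    name = MACRO.sub(one, spec)
    while len(name) > 253 and "." in name:  # drop left labels to fit DNS limit
        name = name.split(".", 1)[1]
    return name

def exists_query(record, **txn):
    """Return the DNS name the first exists: mechanism would look up."""
    for term in record.split()[1:]:
        if term.lstrip("+-~?").startswith("exists:"):
            return expand(term.split(":", 1)[1], macro_values(**txn))
    return None

# The record from the message; the transaction values below are constructed.
RECORD = "v=spf1 exists:_h.%{h}._l.%{l}._o.%{o}._i.%{i}._spf.%{d} ?all"
if __name__ == "__main__":
    print(exists_query(RECORD, ip="192.0.2.25", sender="alice@example.org",
                       helo="mta1.example.net", domain="example.org"))
```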

