spf-discuss

Re: SPF+SRS vs. BATV (was: SPF Stats)

2005-07-05 08:18:06
On Tue, 2005-07-05 at 10:36 -0400, Stuart D. Gathman wrote:
> So we all agree that rejecting on fail is incorrect when you have no
> control over your forwarders.  Getting control is currently too expensive
> for giant ISPs, and therefore they should not be rejecting on SPF fail.
> (Insert discussion of MS starting to reject on lack of Sender-ID
> come November.)

So the root of our disagreement seems to be mostly on the meaning of
'giant', then -- which we are presumably defining as the size at which
it becomes impractical to keep track of your forwarders.

I believe that even a mail domain with a few tens of users like mine
cannot properly keep track of its forwarders, and hence would be called
'giant' in that context.

Hell, forget the users: I probably couldn't even keep track of the
addresses which forward to even _myself_ -- it would be hard even to pin
down a list of IP addresses for the forwarding addresses I can
_remember_, let alone the ones I can't.

Humour me... assume I were to set up a forwarding address
stuart(_at_)infradead(_dot_)org which was forwarded to you. What IP addresses
would you list for it?

Or suppose you bought a domain from (...googles...)
http://www.yourdomainhost.com/ and used their email forwarding service.
What IP addresses would you list for _that_?

> The disagreement is whether giant ISPs not rejecting on SPF fail
> renders SPF "useless".

And that decision obviously differs according to your understanding of
'giant' above. By my reckoning, the answer would be a resounding 'yes'.
Partly because so few people can safely actually reject mail due to SPF
failures, but mostly due to the point you make yourself...

> Frankly, as long as the giant ISP sends real RFC compliant DSNs (with
> empty mail from) that my SRS/SES/BATV encoding can ignore, it is their
> problem, and I couldn't care less.

Right. You don't care if the largest mail providers aren't using SPF,
because there are viable alternatives which _do_ work properly in the
real world and provide largely the same benefits which SPF purports to
offer. So it doesn't matter that many people can't use SPF.

Isn't that basically what I said before? ...

| (Scott Kitterman wrote:)
| > I think the benefits are worth the minor inconvenience
| > associated with these edge cases.
|
| Perhaps -- but again, others don't see those same benefits. My users
| certainly wouldn't -- BATV already gets rid of just about _all_ the fake
| bounces, and also allows recipients who use SMTP callouts to reject joe
| jobs _without_ much risk of losing valid mail. What further benefit
| would SPF '-all' provide on top of that?

-- 
dwmw2
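
Added example, not part of the original message and not any project's own code: a simplified bounce-address tag in the style of BATV's prvs scheme, next to an IP-list check of the kind SPF performs, to show that the tag check needs no list of forwarder addresses. The key, addresses, networks, lifetime and exact tag layout are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"  # constructed secret for this example only
LIFETIME = 7                   # days a tag stays valid (assumed value)
# Constructed stand-in for a published SPF policy: the sender's own relays.
AUTHORISED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

def _mac(day, address):
    """First 6 hex digits of an HMAC over the expiry day and the address."""
    msg = f"{day:03d}{address}".encode()
    return hmac.new(KEY, msg, hashlib.sha1).hexdigest()[:6]

def batv_sign(address, today):
    """Tag the envelope sender of outgoing mail: prvs=DDDSSSSSS=local@domain."""
    local, domain = address.rsplit("@", 1)
    day = (today + LIFETIME) % 1000
    return f"prvs={day:03d}{_mac(day, address)}={local}@{domain}"

def batv_verify(rcpt, today):
    """Return the untagged address if a bounce recipient has a valid tag."""
    local, _, domain = rcpt.rpartition("@")
    parts = local.split("=", 2)
    if len(parts) != 3 or parts[0] != "prvs" or len(parts[1]) != 9:
        return None                      # untagged: not a reply to our mail
    day_s, sig = parts[1][:3], parts[1][3:]
    if not (day_s.isascii() and day_s.isdigit()):
        return None
    address = f"{parts[2]}@{domain}"
    expected = _mac(int(day_s), address)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None                      # forged or altered tag
    if (int(day_s) - today) % 1000 > LIFETIME:
        return None                      # tag has expired
    return address

def spf_style_check(client_ip):
    """IP-list check: fails for any relay the sender did not enumerate."""
    ip = ipaddress.ip_address(client_ip)
    return "pass" if any(ip in net for net in AUTHORISED_NETS) else "fail"
```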

