On Thu, 7 Jul 2005, Tony Finch wrote:
No, my point is that you *can't* know that so you can't tell when your
email will bounce because of your SPF record.
There are many mistakes a mail receiver can make. For instance,
they might block an entire netblock because of some spammer, which happens
to include your netblock. Then your email will bounce because
of your netblock. (Has happened to my clients on many occasions.)
It is a mistake for a receiver to reject SPF fail for one of their own
forwarders. It is a mistake for a receiver to reject on SPF at all
if they don't know their own forwarders.
I've come to agree with Tony and David in a way. SPF *does* have a "forwarding
problem" - in the same sense that the C language has a "buffer
overflow problem". There is no technical problem problem with SPF.
When properly deployed, there are no "forwarding problems". However,
the requirement for strict checking is "know your forwarders", and
this is a difficult problem for many receivers - just as ensuring
that C array bounds will not be exceeded requires careful disipline.
It is very tempting to go ahead and start rejecting on SPF fail despite not
knowing your forwarders.
But this is not a technical problem with SPF. Since SPF offers
"relaxed" modes for both sending and receiving, which have no
requirements at all, new users should be encouraged to always
start with the relaxed modes until they thoroughly understand
the requirements for strict checking and publishing.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.