spf-discuss

Re: Updating SPF type99 and TXT RR's: Simultaneity is not guaranteed.

2005-08-11 10:56:26
Florian Weimer wrote:

> IIRC, -01 said that PermError should be treated as SoftFail

It was -00 up to -01pre? and Fail (5xx), never SoftFail (4xx):

| A PermError result means that the domain's published records
| couldn't be correctly interpreted.  Checking software SHOULD
| reject the message.  If rejecting during SMTP transaction
| time, it SHOULD use an SMTP reply code of 550 and, if
| supported, the 5.5.2 DSN code.

That the first SHOULD was a bad idea (aka "receiver policy")
is undisputed.  The removal of the second SHOULD is IMNSHO a
bug.  The SPF Council resolution was delayed and manipulated
resulting in a foul compromise.  Let's assume that 550 5.5.2
is still there as it SHOULD.  For syntax errors it's the best
receivers can do.

For include / redirect it's less clear.  If the "pointer" is
incorrect (e.g. "include:site.invalid") PermError and reject
should help.  If it's only a temporary side effect of updates
and DNS TTLs TempError would be better.

> this is a quality-of-implementation issue and can be
> addressed using retry hints databases which help to detect
> persistent temporary failures.  (Most MTAs and DNS resolvers
> have such capabilities, BTW.)

"Most" is dangerous.  Before you started this thread I would
have said "most missing include / redirect are really missing"
(typos or problems like "earthlink deleted its sender policy").

                        Bye, Frank
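
The include / redirect case discussed in this message, as an added example that is not part of the original post or of any SPF implementation: a receiver-side sketch that answers TempError while a missing target could still be an update/TTL side effect and escalates to PermError once a retry-hints store shows the failure is persistent. The class and function names, the lookup outcome labels and the 24-hour grace period are assumptions; 550 5.5.2 is the code from the quoted draft text, and 451 4.4.3 is the code RFC 4408 suggests for TempError.

```python
GRACE_SECONDS = 24 * 3600  # assumed grace period for update/TTL side effects


class RetryHints:
    """Hypothetical hints store: when was a missing target first observed?"""

    def __init__(self):
        self._first_seen = {}

    def missing(self, domain, target, now):
        first = self._first_seen.setdefault((domain, target), now)
        # Missing for the whole grace period: persistent, so a broken pointer.
        return "PermError" if now - first >= GRACE_SECONDS else "TempError"

    def resolved(self, domain, target):
        self._first_seen.pop((domain, target), None)


def classify_include(hints, domain, target, outcome, now):
    """outcome is a constructed label for the DNS lookup of the target:
    'ok', 'no_record', 'nxdomain', 'timeout' or 'servfail'."""
    if outcome == "ok":
        hints.resolved(domain, target)
        return None  # no error; evaluation of the target record continues
    if outcome in ("timeout", "servfail"):
        return "TempError"  # the lookup itself failed, nothing known yet
    if outcome in ("no_record", "nxdomain"):
        return hints.missing(domain, target, now)
    raise ValueError(f"unknown lookup outcome: {outcome}")


def smtp_reply(result):
    """Reply codes used when rejecting on an error result."""
    return {"PermError": "550 5.5.2", "TempError": "451 4.4.3"}[result]


def demo():
    # Constructed sample: the same broken include seen at three points in time.
    hints = RetryHints()
    args = (hints, "example.org", "site.invalid")
    return [
        classify_include(*args, "nxdomain", now=0),
        classify_include(*args, "nxdomain", now=3600),
        classify_include(*args, "nxdomain", now=GRACE_SECONDS),
    ]


if __name__ == "__main__":
    print(demo())
```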


