Stuart D. Gathman writes:
I treat softfail as "debugfail" or "neutral with debugging DSN replies". It
accepts the message (subject to additional requirements similar to a neutral
result), but sends a DSN (rate limited) to the alleged sender
informing them of either a forgery or an error in their SPF record.
Softfail is not "debug", it is (among other things) a hint to
Spamassassin and similar scoring systems. A softfail adds to the
score, but it doesn't add as much as an outright fail.
Domains with a lot of users sending mail from a lot of places (such as
airports, hotels, libraries, internet cafes, etc.) cannot possibly
list all the possible sources of legitimate mail from the domain, nor
would they want to say all mail from these places is authorized. They
can, however, use softfail to indicate that mail from these places is
unusual and ought to survive other screening with little doubt about
its legitimacy.
--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com
Gatekeeper, NetHeaven, Saratoga Springs, NY