spf-discuss
Re: Interpreting Results From Multiple "Identical" RR Sets (Was several threads on type 99)

2005-08-15 05:53:16
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex van den Bogaerdt wrote:
> On Fri, Aug 12, 2005 at 10:30:10AM -0500, Daniel Taylor wrote:
>
>> One could reject or DSN on errors, to let the publishing domain
>> owner know that they have a problem, but since this _is_ e-mail
>> and the default has always been "when in doubt, deliver", it makes
>> more sense to treat SPF errors as a lack of a (compliant) SPF record.
>> i.e. if you can't be bothered to publish properly, your record
>>     will be ignored and you gain no benefit from it.
>
> By the same reasoning: if there is an error in the only MX record,
> deliver to the A record instead.
>
> As we know, this isn't true therefore I think the same logic doesn't
> need to apply for SPF as well.
>
> Ignoring SPF records can be considered dangerous.  It may be hard
> to debug and it could result in users thinking SPF has no value.

You have a good point. I would like the final implementation to be
as strict as possible. The current reality is that compliant SPF records
can be broken by third parties completely uninterested in the process.

That being the case, treating broken as no valid record seems very
appropriate to me. As deployment increases, not having a valid record
may become a good reason to reject e-mail. IMHO we aren't nearly
there yet.

- --
Daniel Taylor          VP Operations            Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com   http://www.vocalabs.com/        
(952)941-6580x203
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDAJA88/QSptFdBtURAuvoAJ9UEdwR5j3iMqWoFfQLpmby9L8KWgCfXWzA
EbDDK5kajAGk5l9VwSFywHU=
=cxyR
-----END PGP SIGNATURE-----
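
The two positions in this exchange, side by side, as an added example (not code from the thread or from any SPF implementation): a receiver that treats a broken SPF record as if none were published, and one that reports a permanent error so the message can be rejected or bounced. The syntax check is deliberately simplified, and the function names, sample TXT strings and domain names are constructed for illustration.

```python
import re

# Mechanism names defined by SPF version 1.
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
TERM = re.compile(r"^[+\-~?]?([a-z0-9]+)(?:[:/].*)?$", re.IGNORECASE)
MODIFIER = re.compile(r"^[a-z][a-z0-9._-]*=", re.IGNORECASE)

# What the receiver does with each outcome, following the options named in the thread.
HANDLING = {
    "evaluate": "run the SPF check against the sending IP",
    "none": "deliver as if the domain published no SPF record",
    "permerror": "reject or DSN so the publisher learns of the problem",
}


def spf_records(txt_rrset):
    """Return the TXT strings that claim to be SPF version 1 records."""
    return [t for t in txt_rrset if t.lower().split(" ", 1)[0] == "v=spf1"]


def syntax_ok(record):
    """Simplified check: every term is a known mechanism or a name=value modifier."""
    for term in record.split()[1:]:
        if MODIFIER.match(term):
            continue  # modifier contents are not validated in this sketch
        m = TERM.match(term)
        if not m or m.group(1).lower() not in MECHANISMS:
            return False
    return True


def classify(txt_rrset, strict):
    """strict=False: broken means 'no valid record'. strict=True: broken is an error."""
    records = spf_records(txt_rrset)
    if not records:
        return "none"
    broken = len(records) > 1 or not syntax_ok(records[0])
    if not broken:
        return "evaluate"
    return "permerror" if strict else "none"


if __name__ == "__main__":
    samples = {  # constructed TXT RR sets
        "valid": ["v=spf1 mx ip4:192.0.2.0/24 -all"],
        "typo": ["v=spf1 inlcude:example.net -all"],
        "duplicate": ["v=spf1 mx -all", "v=spf1 a -all"],
    }
    for name, rrset in samples.items():
        for strict in (False, True):
            result = classify(rrset, strict)
            print(f"{name:9} strict={strict!s:5} -> {result:9} ({HANDLING[result]})")
```

In lenient mode the broken and the unpublished cases are indistinguishable to the sender, which is the debugging concern raised in the quoted reply.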