Hector Santos wrote:
Just like Relaxed provisions in SPF can create spoofers,
We could update that in v=spf1.1: + HARDPASS, ? SOFTPASS,
~ TESTFAIL, - HARDFAIL, default -all. With a definition
for "HARDPASS" in the direction of op=auth. Just an idea.
SPF can stop abusers if you have a EXCLUSIVE policy (not
neutral or softfail). But you can run into FORWARDING
issues.
The receiver can run into these issues. The sender can't,
most FAIL policies by definition eliminate 251-forwarding,
because that was broken by RfC 1123. FAIL replaces it by
a 551-emulation, good riddance.
DKIM exclusive policies can solve the same problem without
the FORWARDING issue.
Trading it for a mailing list issue. I hope the DKIM list
finds a robust FWS-canonicalization, it's no rocket science.
The remaining mailing lists breaking even that have to be
white listed, like the few 251-forwarders for SPF. The 251
problem is already small, the mailing list problem should
be even smaller.
It is all pretty simple :-)
Maybe. I still don't get the idea of "no signing policy =>
everybody can sign what he likes", is that another "opt-out"
stunt ?
Bye, Frank