Re: [OT]Calling Hector Santos
2005-08-25 10:12:53
Hector Santos wrote:
----- Original Message -----
From: "Scott Kitterman" <spf2(_at_)kitterman(_dot_)com>
Hector Santos wrote:
Then how are you expecting this to be read?
NEUTRAL --> default neutral, no match, continue
NEUTRAL --> default neutral, no match, continue
FAIL --> FAIL? Or use previous default?
The above doesn't match sense. No?
No, I expect it to match the Neutral mechanism and
return a Neutral result.
I was not referring to your record, but now in general.
For logic like above, if it does not match, it will fail.
Is that the policy?
I guess, I would like to understand the reasoning behind returning what seems to be a
"hard neutral."
You are basically declaring:
"I am sending mail from a machine that
you probably shouldn't trust!"
What's the point then?
I guess I'm having a hard time grasping this form of an "Administrative Policy" - a policy saying
you are who you are, you are sending mail from the machine you expose to the world, but you say at the same
time, "don't trust me. I might be a liar." :-) It is like a cop pulling you over, coming to your
car, and he sees you looking at his badge and tells you, "Don't worry about it, this badge is probably
fake anyway."
My point is that SPF wins when people send from machines that RECEIVERS can trust. I see
no point sending from a machine where the policy is to declare it is not
"trustworthy." If that is the case, then don't send from it. Send it from a
machine where there is trust.
Anyway, thanks.
For users of shared servers, such a machine is basically non-existent
today. The point of the Neutral record is to say yes, this IS an MTA
that is authorized to send mail from my domain, but I can't guarantee
that because the message is an authorized communication from my domain.
The point of my SPF record today is primarily to tell you which MTAs
might legitimately send mail from my domain so that if you get mail from
none of those places you can safely conclude it is forged.
Rather than declaring that you probably shouldn't trust the machine, I'm
saying that I can't guarantee messages from the machine. Now, in the
case of that MTA, it's a reasonably safe bet. Pair is a reputable
company that doesn't tolerate spam from its network, but because
there's nothing technically preventing their other customers from
forging me, it is, I believe, prudent to give a Neutral result.
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html#cross-user-forgery
Unfortunately, SPF gives me nothing between I don't know (Neutral) and
yes it's authorized (Pass). I argued, and lost, for an intermediate
result called Softpass that would have fit this situation better.
SPF has to work for people that don't run their own mail server too.
Scott K
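
The evaluation order debated in this thread, as an added example that is not part of the original messages: a minimal `check_host` that handles only the `ip4`, `ip6` and `all` mechanisms (no DNS lookups). The record and addresses are constructed from documentation ranges and are not Scott's actual record; they mark a shared MTA as Neutral and every other source as Fail.

```python
import ipaddress

# Qualifier prefix -> SPF result; a mechanism with no prefix defaults to "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample record: two shared-hosting MTAs listed as Neutral,
# any other sending address is a Fail.
SHARED_MTA_RECORD = "v=spf1 ?ip4:192.0.2.10 ?ip4:192.0.2.11 -all"


def check_host(record, client_ip):
    """Evaluate mechanisms left to right; the first one that matches decides."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        else:
            # Mechanisms that need DNS (a, mx, include, ...) are out of scope.
            raise ValueError(f"unsupported term: {term}")
        if matched:
            return QUALIFIERS[qualifier]
        # No match: continue to the next mechanism.
    return "neutral"  # nothing matched and no "all": the default result


if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.11", "198.51.100.7"):
        print(addr, check_host(SHARED_MTA_RECORD, addr))
```

A non-matching `?` mechanism contributes nothing to the result; evaluation simply moves on, so the trailing `-all` is what produces Fail for unlisted senders.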