Hector Santos wrote:
----- Original Message -----
From: "Scott Kitterman" <spf2(_at_)kitterman(_dot_)com>
Hector Santos wrote:
Then how are you expecting this to be read?
NEUTRAL --> default neutral, no match, continue
NEUTRAL --> default neutral, no match, continue
FAIL --> FAIL? Or use previous default?
The above doesn't match sense. No?
No, I expect it to match the Neutral mechanism and
return a Neutral result.
I was not referring to your record, but now in general.
For logic like above, if it does not match, it will fail.
Is that the policy?
That is what it says in the spec.
I guess, I would like to understand the reasoning behind returning what seems
to be a "hard neutral."
You are basically declaring:
"I am sending mail from a machine that
you probably shouldn't trust!"
What's the point then?
It allows him to use his domain from locations that aren't perfectly
secure, yet still assert that most of the potential sources of e-mail
in the world aren't permitted to send e-mail that claims to be from his
domain.
I guess I'm having a hard time grasping this form of an "Administrative
Policy" - a policy saying you are who you are, you are sending mail from the
machine you expose to the world, but you say at the same time, "don't trust
me. I might be a liar." :-) It is like a cop pulling you over, coming to
your car, and he sees you looking at his badge and tells you, "Don't worry
about it, this badge is probably fake anyway."
Hardly. Neutral is for "this is probably from me". "?all" is
only a valid thing to say if you have absolutely no control
over your domain, because that is exactly what it says.
"?include:example.net" is a good way to deal with situations
where you do not have adequate control over the outgoing servers
you use.
My point is that SPF wins when people send from machines that RECEIVERS can
trust. I see no point sending from a machine where the policy is to declare
it is not "trustworthy." If that is the case, then don't send from it. Send
it from a machine where there is trust.
Of course. The optimum, and desired, outcome is for
all records to only include + and - mechanisms and for
receivers to accept on + for non-blacklisted domains, and
reject on - for all domains.
Welcome to the real world, we ain't even close yet.
We've barely even started.
--
Daniel Taylor VP Operations Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com http://www.vocalabs.com/
(952)941-6580x203