spf-discuss

Re: [OT]Calling Hector Santos

2005-08-25 11:27:30

----- Original Message ----- 
From: "Alex van den Bogaerdt" <alex(_at_)ergens(_dot_)op(_dot_)het(_dot_)net>

I was not referring to your record, but now in general.

A slightly simplified approach:

Just process the record left to right.

Why would I use APL logic (right to left) when the protocol says otherwise? <g>

What's the point then?

You cannot be sure mail from those machines is really 
sent by Scott but you can be sure other mail is not 
sent by Scott.  Do not mistake "?" for anything negative.

I know what ? means Alex.

I don't think you followed my logic here.

I have no interest in "you" (speaking in general) telling me that "you might or 
not" be a "good guy" because to me, that means you are not trustworthy at any 
level.  It puts the burden on the receiver to do more work anyway using other 
techniques.

In other words:

     PASS - ACCEPT
     FAIL - REJECT
     OTHER - MORE WORK

So the system is optimized by fitting into this paradigm. Anything else is a 
waste and this is especially the case when a "GOOD" person doing the sending is 
telling me don't trust him.

I guess what I am saying is that "owners" of SPF DOMAINS should be the last 
people sending from "neutral" machines.  That should be for other people. Not 
owners of domains.

Anyway, I found the bug in my 2 year old parser. It basically reflected the 
above:

     Get/Set PREFIX (default PASS)
     NO MATCH - continue

When the NEUTRAL prefix was set, the A record match worked, but it returned a 
NEUTRAL and in my parser, a NEUTRAL continues to the next directive.  The MATCH 
should have short-circuited the parser regardless of the prefix - hence the bug.

I guess, I didn't expect people to be MATCHING on a NEUTRAL by telling the world:

    "Hey, it's me. You got me! I am sending from the 
     machine I called from. Just don't trust me."

Reading Scott's last message, it makes more sense why he has it this way. A 
SOFTPASS is basically what it wants to expose.  The problem is that SPF, 
in my opinion, is already too weak when there is no strong PASS/FAIL policy.  
Anything in between is just fuzzy and most systems are going to do more work 
anyway.  The benefits of SPF are lost.  However, I guess I can see the 
Received-SPF feeding a statistics filter.

Anyway, that's my opinion on "hard" NEUTRALs.

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
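
The left-to-right rule and the parser bug discussed in this message, as an added example that is not part of the original post and is not the poster's parser. The function names, the `continue_on_neutral` switch, the sample record and the offline A-record table are all assumptions made for illustration; only `a`, `ip4` and `all` are handled.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed stand-in for DNS A lookups so the example runs offline.
A_RECORDS = {"example.org": ["192.0.2.10"]}

# Constructed sample record: neutral for the domain's own host, fail otherwise.
RECORD = "v=spf1 ?a -all"


def matches(mechanism, client_ip, domain):
    """Return True if one mechanism (a, ip4:<cidr>, all) matches the client."""
    name, _, arg = mechanism.partition(":")
    if name == "all":
        return True
    if name == "ip4":
        network = ipaddress.ip_network(arg, strict=False)
        return ipaddress.ip_address(client_ip) in network
    if name == "a":
        return client_ip in A_RECORDS.get(arg or domain, [])
    raise ValueError(f"unsupported mechanism: {mechanism}")


def evaluate(record, client_ip, domain, continue_on_neutral=False):
    """Evaluate directives left to right; the first match decides the result.

    continue_on_neutral=True reproduces the bug described in the message:
    a directive that matches with the '?' prefix falls through to the next one.
    """
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        has_prefix = term[0] in QUALIFIERS
        qualifier = term[0] if has_prefix else "+"  # default prefix is PASS
        mechanism = term[1:] if has_prefix else term
        if not matches(mechanism, client_ip, domain):
            continue  # NO MATCH - continue
        result = QUALIFIERS[qualifier]
        if result == "neutral" and continue_on_neutral:
            continue  # the bug: a real match is discarded
        return result  # a match short-circuits regardless of the prefix
    return "neutral"  # nothing matched


if __name__ == "__main__":
    print(evaluate(RECORD, "192.0.2.10", "example.org"))
    print(evaluate(RECORD, "192.0.2.10", "example.org", continue_on_neutral=True))
```

With the fall-through behaviour, mail from the host the domain owner marked neutral reaches `-all` and is reported as a fail, which is a stricter verdict than the published policy.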