----- Original Message -----
From: "Daniel Taylor" <dtaylor(_at_)vocalabs(_dot_)com>
Hardly. Neutral is for "this is probably from me". "?all"
is only a valid thing to say if you have absolutely
no control over your domain, because that is exactly
what it says.
I understand all that. I guess I am on record as being totally against relaxed
policies. All it does is give spammers loopholes to work with, put more
pressure on receivers and give the Crockers and Levines of the world more
ammunition to bash SPF.
Welcome to the real world, we ain't even close yet.
We've barely even started.
The real world is based on living with some trust. The FedEx man knocks on my door.
I see the truck, I see the badge, I use the signal pad, etc, etc. I don't
expect him to walk away and turn around and tell me "Oh by the way, I fooled
you!"
If one wants to live in a world that is totally untrustworthy, that ain't
for me. Especially when it comes to software and protocols. This is all based
on trust. You use something because you trust it. You trust its behavior.
You really don't expect it to do harm to you. So in the same vein, I don't
expect owners of SPF Domains to be sending from Neutral Machines. It doesn't
make sense to me because it has no value.
Sure, it is probably better than nothing. Sure, it might feed some spam scorer,
but the Real Person (owner) has now just put itself into a "rejection"
potential.
Consider this:
SPAM CONTENT = LOW SPF=NEUTRAL SENDER=REAL OWNER
SPAM CONTENT = HIGH SPF=NEUTRAL SENDER=NON-REAL OWNER
What does that tell you?
It tells you only one thing: the Sender's machine has the POTENTIAL of being
exploited and the idea of SPAM-CONTENT is so subjective, the REAL OWNER is now
at risk.
So it doesn't make sense to me. Sorry :-)
On a related note, what DKIM has the potential to offer is to help in these
situations, because there could only be one result:
DKIM = VALID SPF=NEUTRAL SENDER=REAL OWNER
DKIM = VALID SPF=NEUTRAL SENDER=NON-REAL OWNER
If DKIM was invalid for any, then INVALID + NEUTRAL is an automatic rejection.
In addition, for DKIM=VALID, this will tell me that the REAL OWNER has allowed
a 3rd party SIGNER and the DKIM REAL OWNER SENDER SIGNING POLICY better reflect
that (allow 3rd party). If it doesn't, then the second transaction is an
automatic rejection.
The point here is that there is less fuzziness. If the real owner is going to
use neutral, then he needs something else to remove the ambiguity and loss of
trust.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
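
The SPF=NEUTRAL plus DKIM reasoning in the message above, sketched as a receiver-side check; this is an added example and not part of the original message or any code by its author. It assumes the receiver records results in an Authentication-Results header (RFC 8601 syntax, which the message does not mention); the function names, the verdict strings and the `owner_allows_third_party` flag standing in for a lookup of the owner's signing policy are hypothetical.

```python
import re

def parse_auth_results(header_value):
    """Return (spf_result, [(dkim_result, signing_domain), ...])."""
    spf, dkim = None, []
    # Skip the authserv-id before the first ';', then read each method clause.
    for clause in header_value.split(";")[1:]:
        m = re.match(r"\s*(spf|dkim)=(\w+)", clause, re.I)
        if not m:
            continue
        method, result = m.group(1).lower(), m.group(2).lower()
        if method == "spf":
            spf = result
        elif result != "none":              # dkim=none means the mail was unsigned
            d = re.search(r"\bheader\.d=([\w.-]+)", clause, re.I)
            dkim.append((result, d.group(1).lower() if d else None))
    return spf, dkim

def decide(from_domain, header_value, owner_allows_third_party):
    """Apply the post's SPF=NEUTRAL + DKIM reasoning; verdict names are assumptions."""
    spf, dkim = parse_auth_results(header_value)
    if spf != "neutral":
        return "out-of-scope"               # the post only discusses SPF=NEUTRAL
    if not dkim:
        return "ambiguous"                  # neutral alone leaves the doubt in place
    # Assumption: one verified signature is enough; failed ones are ignored.
    valid = [d for result, d in dkim if result == "pass" and d]
    if not valid:
        return "reject"                     # INVALID + NEUTRAL
    if from_domain.lower() in valid:
        return "accept"                     # signed by the owner's own domain
    # Only third-party signatures verified: the owner's policy must allow them.
    return "accept" if owner_allows_third_party else "reject"

# Constructed sample headers (not taken from real mail).
NEUTRAL = "mx.rcpt.example; spf=neutral smtp.mailfrom=owner.example"
SAMPLES = [
    (NEUTRAL + "; dkim=pass header.d=owner.example", False),
    (NEUTRAL + "; dkim=fail header.d=owner.example", True),
    (NEUTRAL + "; dkim=pass header.d=list.example", False),
    (NEUTRAL + "; dkim=pass header.d=list.example", True),
    (NEUTRAL, True),
]

if __name__ == "__main__":
    for header, allows in SAMPLES:
        print(decide("owner.example", header, allows), "<-", header)
```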