Re: [OT]Calling Hector Santos

Hector Santos wrote:
> ----- Original Message ----- 
> From: "Alex van den Bogaerdt" <alex(_at_)ergens(_dot_)op(_dot_)het(_dot_)net>
> > > I was not referring to your record, but now in general.
>
> > A slightly simplified approach:
>
> > Just process the record left to right.
>
> Why would I use APL logic (right to left) when the protocol says otherwise? <g>
>
> > > Whats the point then?
>
> > You cannot be sure mail from those machines is really 
> > sent by Scott but you can be sure other mail is not 
> > sent by Scott.  Do not mistake "?" for anything negative.
>
> I know what ? means Alex.
>
> I don't think you followed my logic here.
>
> I have no interest in "you" (speaking in general) telling me that "you might or not" be a 
> "good guy" because to me, that means you are not trust worthy at any level.  It puts the burden on 
> the receiver to do more work anyway using other techniques.
>
> In other words:
>
>      PASS - ACCEPT
>      FAIL - REJECT
>      OTHER - MORE WORK
Actually I look at as:

        PASS  - More work
        FAIL  - REJECT
        OTHER - More work

I believe the only meaningful result is FAIL. PASS doesn't mean anything but that it's not forged, it still needs to be scanned for 
Spam, etc...



> So the system is optimized by fitting into this paradigm. Anything else is a waste and 
> this is especially the case when a "GOOD" person doing the sending is telling 
> me don't trust him.
>
> I guess what I am saying is that "owners" of SPF DOMAINS should be the last people 
> sending from "neutral" machines.  That should be for other people. Not owners of domains.
>
> Anyway, I found the bug in my 2 year old parser. It basically reflected the 
> above:
>
>      Get/Set PREFIX (default PASS)
>      NO MATCH - continue
>
> When the NEUTRAL prefix was set, the A record match worked, but it returned a 
> NEUTRAL and in my parser, a NEUTRAL continues to the next directive.  The MATCH 
> should of short circuited the parser regarding of the prefix - hence the bug.
>
> I guess, I didn't expect people to be MATCHING on a NEUTRAL by telling world:
>
>     "Hey, its me. You got me! I am sending from the 
>      machine I called from. Just to don't trust me."
> Reading Scott's last message, it makes more sense why he has it this way. A 
> SOFTPASS is basically what it wants to expose.  The problem is that with SPF, 
> in my opinion,  is already too weak when there is no strong PASS/FAIL policy.  
> Anything in between is just fuzzy and most systems are going to do more work 
> anyway.  The benefits of SPF is lost.  However, I guess I can see the 
> Received-SPF feeding a statistics filter.
>
> Anyway, that's my opinion on "hard" NEUTRALs.