[Top] [All Lists]

Re: The problems with SPF

2005-08-26 08:17:25
On Friday 26 August 2005 08:51 am, David Woodhouse wrote:
The opposite is true. Because forwarding causes failures for SPF, it's
actually only useful in the general case for _positive_ results. You'd
lose genuine mail if you rejected all SPF failures, but you can use SPF
in conjunction with some kind of whitelist.

If the domain holder has said that only certain domains are to be trusted, and 
they want a rigorous policy, based on their spf record, then I *can* and 
*will* safely reject hard FAIL as a problem, per the specification of the 
domain owner.

If users of email addresses at the domain are not following the policy set by 
the holder of that domain, then the mail is not legitimate, by definition, 
becasue it was sent outside of the stated policy of the domain.

For example, I make port 587 with TLS available on mail servers for all 
domains that I support.  I've notified my users that if they send mail from 
these domains that does not originate at the authorized servers, it runs the 
risk of being rejected as invalid.

How is this a problem with SPF?  I see this as a feature, not a bug.


   - Brian

<Prev in Thread] Current Thread [Next in Thread>