On Friday 26 August 2005 08:51 am, David Woodhouse wrote:
The opposite is true. Because forwarding causes failures for SPF, it's
actually only useful in the general case for _positive_ results. You'd
lose genuine mail if you rejected all SPF failures, but you can use SPF
in conjunction with some kind of whitelist.
If the domain holder has said that only certain domains are to be trusted, and
they want a rigorous policy, based on their spf record, then I *can* and
*will* safely reject hard FAIL as a problem, per the specification of the
If users of email addresses at the domain are not following the policy set by
the holder of that domain, then the mail is not legitimate, by definition,
becasue it was sent outside of the stated policy of the domain.
For example, I make port 587 with TLS available on mail servers for all
domains that I support. I've notified my users that if they send mail from
these domains that does not originate at the authorized servers, it runs the
risk of being rejected as invalid.
How is this a problem with SPF? I see this as a feature, not a bug.