Hector Santos wrote:
If one claims to FAIL a IP, then why should one quality it
as a NEUTRAL? (lower the bar of the result).
You're talking about a FAIL within include. Here's an eample:
isp.example "v=spf1 what=ever -all"
example.com "v=spf1 reve=tahw -all"
Independent unrelated organizations, for what=ever insert
something that make sense, ip4:1.2.3.4/24 or "what ever",
dito for reve=tahw (insert something different of course).
So far these are "good" policies, we both like it, either
PASS or FAIL is the best case from the POV of a receiver.
Now let's assume that I'm the owner of any.example and my
mail providers are isp.example and example.com. I trust
that the latter is a good MSA, but I'm less impressed by
isp.example, they allow "cross user forgery", shared MSA.
Nevertheless I send most mails via isp.eample (cheaper or
a similar reason). Therefore my sender policy might be:
any.example "v=spf1 ?include:isp.example
+include:example.com -all"
Most mails sent via isp.example => PASS in first include
=> match => final result ?include:isp (NEUTRAL) => ready.
Rare mail sent via example.com => FAIL in first include
=> no match, continue => PASS in second include => match
=> final result +include:example (PASS) = > ready
Spam sent from another IP => both includes don't match =>
continue left-to-right, hit -all at end => FAIL => ready.
It's really simple. But I admit that I still prefer to
use redirect= instead of include:, redirect= is clearer.
But to me, it doesn't make any sense.
Maybe my example helps. Include is good if you have more
than one provider, or if you want "include:not.me" as some
kind of FAIL-accelerator at the begin of complex policies,
when reaching the final "-all" would be very expensive.
Bye, Frank
P.S.: Sorry for not changing the subject, normally I see
when a subject contains the name of a poster, which
is often an indicator for dead "Godwin"-threads, so
I either change it or don't reply. Here it was not,
therefore I forgot to change it.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com