On Sat, 3 Sep 2005, Gaven Henderson wrote:
My apologies if this has already been discussed. I'm new to this forum and
the archives don't support searches. That said....
Does anybody else think that allowing for non-exclusive (?all) SPF records
completely kills the goal of Sender Policy Framework? Before everyone
responds to that, please consider my reasoning.
It has already been discussed ad nausem.
1) You are correct. The ultimate goal is for all policies to return
either PASS or FAIL.
2) Many sending domains simply do not have a way at present to identify
all outgoing servers, and have not set up SMTP AUTH (or VPN or whatever)
for roaming users. Yes, this is sloppy and questionable practice, but even
most big email providers *still* don't support roaming users. It takes
time for them to get their act together.
3) You are correct in that PASS can't be used for whitelisting when
the sender might be a roaming user that sometimes gets NEUTRAL
results due to failure of their email provider to support roaming users.
However, you and the sender could agree that you would only accept
his mail when sent through the official servers. He could also
switch to a better email provider. If most end users switch
to an email provider with hard PASS and FAIL and roaming user support,
then the backward providers will get with the program or go out of
business.
4) SOFTFAIL helps senders debug their policies. It is not supposed to
be a permanent policy. If everyone sent helpful DSNs (for debugging)
for all SOFTFAIL results, then senders that think it is a good
permanent policy might change their minds :-)
5) Some information is better than nothing. The SPF result does help
bayesian content filtering.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com