Jasper Wallace wrote:

> When I can be fairly confident that any random recipient I
> send mail to will not go through a forwarder that doesn't do
> SRS, then I can change to -all.

That might take decades. Still your decision of course, but
personally I had a reason to be interested in SPF, numerous
bogus bounces (etc.) caused by one spammer forging my domain.
The FAIL hit him - not sure whether he really got it, but at
least he stopped forging my (vanity) domain excl. two weeks
last month (maybe a test).

Your idea that SOFTFAIL instead of FAIL is "less dangerous"
with random recipients might be very wrong, the opposite is
also possible.

So far I had one case of "false" positive: The next hop saw
a FAIL and rejected (100% as specified). And therefore the
forwarder sent a bounce back to me. I got it, used the "new"
address as indicated in the bounce, sent it again, ready, no
harm done.

Your method SOFTFAIL is less clear, maybe the next hop tries
a TempFail (4xx). You'd probably never see this, unless the
forwarder decides to inform you ("message delayed - trying
again for four days" or similar).

Sooner or later the next hop might decide to accept this SPF
SOFTFAIL, adding a "Received-SPF: softfail" trace header. At
this point it's up to the clueless user what happens. Worst
case is "kill as spam without reading".

Really a clueless user, forwarding arrangements from non-SRS
forwarder to an SPF-MTA without white listing the forwarder
_cannot_ work, that's how SPF is designed, intentionally.

Now it's still up to you what you do, but your theory "SOFTFAIL
is less dangerous than FAIL" is very dubious. I prefer clear
and noisy errors instead of whatever clueless users might try.

Bye, Frank
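
Added example, not part of the message above and not code from any SPF implementation: a small Python model of the forwarding case under discussion, showing what an SPF-checking next hop does with mail relayed by a forwarder when the sender publishes `-all`, publishes `~all`, or the forwarder rewrites the envelope sender in SRS style. The domains, addresses, the reduced `check_host` (only `ip4` and `all`), the receiver policy in `next_hop` and the placeholder SRS hash/timestamp are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: domains, networks and records are illustrative only.
SPF_RECORDS = {
    "author.example": "v=spf1 ip4:192.0.2.0/24 -all",        # publishes FAIL
    "cautious.example": "v=spf1 ip4:198.51.100.0/24 ~all",   # publishes SOFTFAIL
    "forwarder.example": "v=spf1 ip4:203.0.113.0/24 -all",
}
FORWARDER_IP = "203.0.113.25"   # the host that connects to the next hop
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, mail_from):
    """Reduced SPF evaluation: ip4 and all only, left to right, first match wins."""
    record = SPF_RECORDS.get(mail_from.rpartition("@")[2])
    if record is None or not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:") and \
                ipaddress.ip_address(ip) in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"

def next_hop(ip, mail_from):
    """Assumed receiver policy: reject on fail, otherwise accept and add a trace header."""
    result = check_host(ip, mail_from)
    if result == "fail":
        return ("550 rejected", None)       # forwarder must bounce to the sender
    return ("250 accepted", f"Received-SPF: {result}")

def srs_rewrite(mail_from, forwarder_domain):
    """SRS-style envelope rewrite; HHHH and TT stand in for the real hash and timestamp."""
    local, _, domain = mail_from.partition("@")
    return f"SRS0=HHHH=TT={domain}={local}@{forwarder_domain}"

def scenarios():
    out = {}
    for sender in ("me@author.example", "me@cautious.example"):
        out[sender] = next_hop(FORWARDER_IP, sender)
        rewritten = srs_rewrite(sender, "forwarder.example")
        out[sender + " via SRS"] = next_hop(FORWARDER_IP, rewritten)
    return out

if __name__ == "__main__":
    for case, (reply, header) in scenarios().items():
        print(f"{case:30} {reply:14} {header or 'forwarder bounces to the sender'}")
```

With `-all` the sender learns about the broken forwarding path through the bounce; with `~all` the only trace is a header in the recipient's mailbox, and the sender sees nothing.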