spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[spf-discuss] Re: Univ of Mo, etc. discouraging SPF?

2005-10-25 14:19:50
from [Frank Ellermann] [Permanent Link] 
John Dupuy wrote:


Here is the bad: they seem to be automatically rejecting
messages outright "soft fail".


Not exactly the idea of SoftFail, the spec. proposes some
4xx-greylisting as one way to help in a SoftFail-debugging
period.
 

we have many thousands of legacy customers, for a variety
of reasons, who are not on our IP ranges that send using
our domain. We published the SPF records as a helpful hint,
not as an outright indicator of rejection.


Then you better use Neutral instead of SoftFail, the latter
isn't designed as a permanent solution.
 

That is the whole point of "soft fail" isn't it?


IMHO it's for testing and a transition period towards Fail,
the real hardcore SPF Fail putting an end to forgeries.

| Receiving software SHOULD NOT reject the message based
| solely on this result, but MAY subject the message to
| closer scrutiny than normal.
|
| The domain owner wants to discourage the use of this host
| and so they desire limited feedback when a "SoftFail"
| result occurs.

See chapter 2.5.5 - obviously "reject" (5xx) is explicitly
not meant to be the kind of "limited feedback" triggered by
SoftFail.  OTOH it's a SHOULD NOT, and if the receiver has
good reasons to reject "your" SoftFail (e.g. because it's 
generally spam) they can intentionally violate this rule.

We could distribute the blame, SoftFail was a dubious idea,
you don't use it as intended, the mentioned receivers also
don't use it as intended, but IMO it's no bug in the spec.,
and the main point is always "what will the spammers do ?"

They could attack on neutral and "SoftFail" routes, using
"SoftFail" for very long periods is a bad strategy.


Any suggestions?


Try neutral (?all) as default.  You'd then still offer a
"pass" for some receivers with "white lists" (like AOL).

                          Bye, Frank


-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] Univ of Mo, etc. discouraging SPF?, Daniel Taylor
Next by Date:  RE: [spf-discuss] Univ of Mo, etc. discouraging SPF?, Mark
Previous by Thread:  Re: [spf-discuss] Univ of Mo, etc. discouraging SPF?, Daniel Taylor
Next by Thread:  RE: [spf-discuss] Univ of Mo, etc. discouraging SPF?, Mark
Indexes:  [Date] [Thread] [Top] [All Lists]