spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] Re: Is best guess moronic?

2005-11-18 12:02:40
from [Stuart D. Gathman] [Permanent Link] 
On Fri, 18 Nov 2005, Hector Santos wrote:


The issue is that this non-standard feature CHANGES the meaning of a
standard SPF specification.  It should not CHANGE the meaning of PASS.  A
SPF NONE is a SPF NONE, not a SPF PASS.

Is this a difficult concept to grasp?


Your issue is only relevant when the header could be seen by outside
software.  What cockamany headers I choose to decorate my own incoming
email with for my own purposes has nothing to do with any standard.
(Unless I stupidly install something like SpamAssasin and expect it
to work correctly with my custom Received-SPF header.)

Your issue is highly relevant for a mail gateway, that adds Received-SPF
headers that are used by mail software behind the gateway.  Mail software
behind the gateway has no other way of getting the real SPF result.
(Using the Received header is unreliable.)  You are correct that
such a gateway, if it enables guessing (which is essential to the effective
use of SPF in my operation), should put the guessed result in another header
and preserve the original SPF result of None.  I am sorry if my
software set a bad example, and will change pymilter to add an X-Guessed-SPF
header instead of modifying the Received-SPF header.

I think we all agree that gmail.com should not be guessing, or should
put the guessed result in its own header.  This is not because gmail.com
is stupid.  They were only following what appeared to be best practice.
Those of us doing the best guess thing were not thinking about our little
hack setting a bad example for a big ISP.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] Re: Is best guess moronic?, Hector Santos
Next by Date:  RE: [spf-discuss] Re: Is best guess moronic?, Mark
Previous by Thread:  Re: [spf-discuss] Re: Is best guess moronic?, Hector Santos
Next by Thread:  [spf-discuss] Remove non-standard PASS - BEST GUESS from Received-SPF:, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]