spf-discuss

Re: [spf-discuss] Re: GMAIL mis-usage of SPF?

2005-11-18 13:27:35

----- Original Message -----
From: "Daniel Taylor" <dtaylor(_at_)vocalabs(_dot_)com>

You have a good point. "Best Guess" was, AFAIK, formed from a lenient
interpretation of what a lot of mail servers were starting to do
pre-SPF. SPF came about because it quickly became evident what a
craptacular idea it was when implemented from the receiver's end
and the "Best guess" mechanism was put in place as a transition.
It wasn't the best idea, but it helped in the first few months.

I'd actually say that we may have enough of a critical mass (what is it,
10% of domains publish? 30% of email with validatable SPF?) that
"Best guess" can be declared officially obsolete and deprecated as
a technique, in addition to being removed from the reference
implementation. I'll double check the mail servers I run, and see
if I can pull some stats.

I see your point.  I appreciate the historical perspective.

So essentially, there were three basic criteria for an SPF PASS:

    IP::MAILFROM DNS SPF record association
    IP::HELO DNS SPF record association
    IP::HELO DNS A/PTR record association

The last one wasn't made part of the specs, but it was added to the Perl
script, and maybe others that followed the Perl script, because during early
adoption, there were not enough SPF records.

Ok. I can see this thinking. I would have argued against it, but at the very
least, use "Received-SPF: none" so that it doesn't alter standard
implementation.

Finally, we already have confusion with MIXED policies. This throws another
into the mix:  REAL-SPF-PASS +  FAILED IP::HELO A/PTR condition.  So to use
a PASS - BEST GUESS when the IP/HELO does match, would be inconsistent when
a real PASS was found, and the IP/HELO was not checked to see if it would
match.

  FAKE-PASS (... BEST GUESS...)
  REAL-PASS (... POSSIBLE FAILED BEST GUESS NEVER CHECKED ....)

That's part of the problem with this when you mix in different ideas.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
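
The inconsistency described in this message, as an added example that is not part of the original post or of any SPF implementation: a simplified checker that reports `none` when no record is published and evaluates the HELO A/PTR match for every message instead of using it only as a fallback PASS. Assumptions: only the `ip4` and `all` mechanisms are handled, the DNS data is constructed, the MAILFROM-then-HELO order follows the list above, and the `helo-a-ptr` comment field is a hypothetical annotation.

```python
import ipaddress

# Constructed DNS data using documentation address ranges; not real records.
TXT = {"example.com": "v=spf1 ip4:192.0.2.0/24 -all"}
A = {"mail.example.net": ["198.51.100.7"]}
PTR = {"198.51.100.7": ["mail.example.net"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_eval(domain, ip):
    """Evaluate a published SPF record (simplified: ip4 and all only)."""
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # nothing published, so nothing to assert
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        q, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[q]
        if mech.startswith("ip4:") and addr in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[q]
    return "neutral"


def helo_a_ptr_match(helo, ip):
    """The 'best guess' heuristic: HELO name resolves to the IP and the PTR agrees."""
    return ip in A.get(helo, []) and helo in PTR.get(ip, [])


def check(ip, helo, mailfrom_domain):
    """Return (spf_result, heuristic_matched, header) for one SMTP session."""
    result, identity = spf_eval(mailfrom_domain, ip), "mailfrom"
    if result == "none":
        helo_result = spf_eval(helo, ip)
        if helo_result != "none":
            result, identity = helo_result, "helo"
    # The heuristic is computed for every message and kept apart from the
    # SPF result, so it can never turn "none" into "pass".
    matched = helo_a_ptr_match(helo, ip)
    note = "match" if matched else "mismatch"
    header = f"Received-SPF: {result} (identity={identity}; helo-a-ptr={note})"
    return result, matched, header


if __name__ == "__main__":
    for args in [("192.0.2.10", "mail.example.com", "example.com"),
                 ("198.51.100.7", "mail.example.net", "nospf.example")]:
        print(check(*args)[2])
```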





