spf-discuss

Re: [spf-discuss] How can one alert domain admins of broken spf records

2006-06-08 07:17:17
On Thu, 8 Jun 2006, Alex van den Bogaerdt wrote:

> Neutral is a decision made by the publishing party, and effectively
> asks you to process the message as if no SPF record was available.
> It certainly does not mean you should reject the message, au contraire.
>
> Would you be rejecting such mail, you would not be SPF compliant.  At
> least, if you would claim you rejected it due to SPF.  Of course you
> are free to reject spam, viruses, or any mail for that matter; just
> don't blame it on SPF.

I disagree.  Once you have correctly arrived at the SPF result
specified by the sender (PASS, NEUTRAL, SOFTFAIL, etc.), you are SPF compliant.
What you do with the email is your local receiver policy, and is
independent of SPF (and hopefully depends on many factors).  The stated goal of
SPF is to eventually evolve to a situation where NONE and NEUTRAL *are*
commonly rejected.  This is just not practical at present.

I reject on NEUTRAL for a handful of domains that have boatloads of forged
spam sent in their name (they really need a strict record).  The
list includes:

SPF-Neutral:yahoo.com   REJECT
SPF-Neutral:hotmail.com REJECT
SPF-Neutral:arosii.com  REJECT
SPF-Neutral:oracle.com  REJECT
SPF-Neutral:msn.com     REJECT
SPF-Neutral:rr.com      REJECT
...

Yes, I know this means that if you put your hotmail address as 
the MAIL FROM on your home cable email client, my system will reject
your mail.  This hasn't been a problem because people normally use hotmail 
because it is webmail available from anywhere.  Hotmail should offer
an SMTP AUTH relay service for paying customers - then change their
record to strict.  (The same goes for the other free webmail services.)

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
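
The split described in the message above, SPF evaluation first and local receiver policy second, shown as an added example that is not part of the original post or of the author's software. The entry format is taken from the list in the message; the default actions, the parent-domain fallback and the function names are assumptions of this sketch.

```python
# Added example. Entry format is from the message; DEFAULT_ACTION and the
# parent-domain fallback are assumptions of this sketch.
DEFAULT_ACTION = {
    "pass": "OK", "none": "OK", "neutral": "OK", "softfail": "OK",
    "fail": "REJECT", "temperror": "DEFER", "permerror": "OK",
}

# Constructed sample using three of the domains listed in the message.
SAMPLE_POLICY = """\
SPF-Neutral:yahoo.com   REJECT
SPF-Neutral:hotmail.com REJECT
SPF-Neutral:rr.com      REJECT
"""

def parse_policy(text):
    """Parse 'SPF-<Result>:<domain> <ACTION>' lines into a lookup table."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            key, action = line.split()
            tag, domain = key.split(":", 1)
            prefix, result = tag.split("-", 1)
        except ValueError:
            raise ValueError(f"line {lineno}: malformed entry {raw!r}") from None
        if prefix.upper() != "SPF" or result.lower() not in DEFAULT_ACTION:
            raise ValueError(f"line {lineno}: unknown key {tag!r}")
        table[(result.lower(), domain.lower().rstrip("."))] = action.upper()
    return table

def decide(table, spf_result, mail_from):
    """Map an already-computed SPF result to a local action."""
    result = spf_result.lower()
    if result not in DEFAULT_ACTION:
        raise ValueError(f"unknown SPF result {spf_result!r}")
    labels = mail_from.rpartition("@")[2].lower().rstrip(".").split(".")
    # Exact domain first, then parent domains, stopping before the bare TLD.
    for i in range(max(len(labels) - 1, 1)):
        action = table.get((result, ".".join(labels[i:])))
        if action:
            return action
    return DEFAULT_ACTION[result]

if __name__ == "__main__":
    table = parse_policy(SAMPLE_POLICY)
    for sender in ("a@hotmail.com", "b@nyc.rr.com", "c@example.org"):
        print(sender, decide(table, "neutral", sender))
```

The SPF result passed to decide() is assumed to come from a separate SPF check; the table only changes what the receiver does with it.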
