On Thu, 22 Jun 2006, Alex van den Bogaerdt wrote:
> HELO example.com
> MAIL FROM:<someone@example.net>
> You would find no record for MAIL FROM, and you would see NEUTRAL
> for HELO. According to what you wrote, you would reject this perfectly
> legitimate email, correct?
> As soon as "example.net" would publish "v=spf1 ?all", you would no longer
> reject that same message.

Correct. This discriminates in favor of publishing even a weak
SPF record, so I don't feel guilty about it.
You didn't miss it. I forgot to mention that aspect. Then I went
and looked at my current code, and in my last anti-spam bout I
had tweaked HELO checking so that only an SPF pass would override
rejecting HELO neutral. I will fix this, either by going back to
the way it was before, or by giving HELO neutral the same opportunities
to get delivered as HELO none (so that my local policy doesn't discriminate
against publishing).
I'm thinking I should go ahead and support the full matrix of MFROM,HELO
SPF results in my local policy configuration - would probably be clearer.
Presumably you have nothing against rejecting on HELO SPF softfail?
All your concerns would be addressed if I simply treated all SPF neutral
results exactly the same as SPF none. Currently, neutral has a slight
advantage in getting delivered - because at least they're trying.
However, my messages would have to be different for the two cases.
It is no good advising the would-be sender to publish SPF when they have.
What I would really like to know for local policy is what fraction
of total (in use) IP space gets the neutral result. If the entire space gets
neutral, e.g. "v=spf1 ?all", then that truly is equivalent to none.
However, if a small fraction gets neutral, e.g. "v=spf1 ?isp.net -all",
then a neutral is much better than a none. A similar analysis applies
to the other results. A pass from "v=spf1 +all" is equivalent to none,
and the smaller the fraction of IP space that gets pass, the more significant
the pass result.
Question for libspf2 authors. Can your SPF record compiler produce estimates
of these fractions at compile time?
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
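
Added example, not part of the original message and not libspf2 code: one way to estimate, without any DNS lookups, what fraction of address space each SPF result covers for a given record. It assumes the whole IPv4 space as the denominator (the message asks about "in use" space, which would need routing data) and handles only the `ip4` and `all` mechanisms; the function name `result_fractions` is hypothetical.

```python
import ipaddress
from fractions import Fraction

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
TOTAL = 2 ** 32  # assumption: all of IPv4 is the denominator


def _size(nets):
    """Number of distinct addresses in a list of (possibly overlapping) networks."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))


def result_fractions(record):
    """Return {result: Fraction of IPv4 space} for an SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    shares = {r: Fraction(0) for r in QUALIFIERS.values()}
    covered = []  # address space already claimed by an earlier mechanism
    for term in terms[1:]:
        qual = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            nets = [ipaddress.IPv4Network("0.0.0.0/0")]
        elif name == "ip4":
            nets = [ipaddress.IPv4Network(arg, strict=False)]
        else:
            raise ValueError(f"{name!r} needs DNS or is a modifier; not handled here")
        # First match wins: credit only the addresses not matched earlier.
        before = _size(covered)
        covered = list(ipaddress.collapse_addresses(covered + nets))
        shares[QUALIFIERS[qual]] += Fraction(_size(covered) - before, TOTAL)
        if name == "all":
            break  # nothing after "all" is ever evaluated
    # Addresses matched by no mechanism get the default result, neutral.
    shares["neutral"] += Fraction(TOTAL - _size(covered), TOTAL)
    return shares


if __name__ == "__main__":
    # Constructed sample records.
    for rec in ("v=spf1 ?all", "v=spf1 +all", "v=spf1 ?ip4:192.0.2.0/24 -all"):
        print(rec, {k: float(v) for k, v in result_fractions(rec).items() if v})
```

A neutral or pass whose share is close to 1 carries about as much information as no record at all; a share near 0 makes the same result significant.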