spf-discuss

Re: [spf-discuss] Rejecting "Best-Guess" failures

2006-07-20 12:38:41
On Thursday 20 July 2006 15:09, Robert Millan wrote:
> Hi!
>
> Given that all the ham I've received to date seems to pass SPF
> "best-guess", and most spam seems to fail it, I'm considering rejecting
> mail that fails to pass a "best-guess" check.
>
> Naturally, since this isn't really an SPF failure I'm not going to advertise
> it as such.  I've written the following rejection message:
>
> 550-Your message claims to come from example.com, but it is actually originated
> 550-in 101.102.103.104, which is in a completely different network than any of
> 550-example.com's A or MX hosts.  This suggests that your message is a forgery
> 550-attempt.  If this is legitimate mail, please consider routing it through
> 550-any of example.com's mail servers, or publishing an SPF record in your
> 550 domain to authenticate 101.102.103.104 as a valid sender.
>
> Any comments/suggestions/etc ?  Do you think it's a good idea ?  Is there
> anything that could be changed in this message to make it impact more
> positively on the image of SPF?

I think no matter what you say it will reflect negatively on the SPF project 
since the only people that will read these messages are the false positives.  
Given that, what you've written is pretty good.

I've never been a fan of best guess as it makes the assumption that sending and 
receiving SMTP servers should be on the same network.  There is no support in 
standards for this assumption.  While a positive best guess result may have 
some utility, I don't think the same can be said for a negative result.

I do not believe that I have ever sent a message that would pass best guess, 
even when I used my domain host's mail server.

So, I don't think it's a good idea.

Stuart Gathman has written about his 3 strikes rule on this list several times 
(see the archives).  Although somewhat more complex, I think it is likely to 
give a more reasonable result.

Scott K
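
Added example (not part of the original thread, and not code from any SPF implementation): a minimal best-guess evaluation over constructed DNS data, showing why a non-pass result cannot separate a forgery from legitimate mail sent through a relay outside the domain's A/MX networks. It assumes "best guess" means the implicit record "v=spf1 a/24 mx/24 ptr ?all" with the ptr mechanism left out; the DNS tables, addresses and function names are hypothetical.

```python
import ipaddress

# Constructed DNS data using documentation address ranges, not real records.
DNS_A = {
    "example.com": ["192.0.2.10"],          # web host
    "mx1.example.com": ["198.51.100.25"],   # inbound mail exchanger
}
DNS_MX = {"example.com": ["mx1.example.com"]}

PREFIX = 24  # assumption: "same network" means same /24 (a/24, mx/24)


def candidate_hosts(domain):
    """Yield (mechanism, address) for the domain's A hosts, then its MX hosts."""
    for addr in DNS_A.get(domain, []):
        yield "a", addr
    for mx in DNS_MX.get(domain, []):
        for addr in DNS_A.get(mx, []):
            yield "mx", addr


def best_guess(sender_ip, domain, prefix=PREFIX):
    """Return ("pass", mechanism) if sender_ip shares a /prefix with an A or
    MX host of domain, otherwise ("neutral", None), as "?all" would give."""
    ip = ipaddress.ip_address(sender_ip)
    for mech, addr in candidate_hosts(domain):
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        if ip in net:
            return "pass", f"{mech}/{prefix}"
    return "neutral", None


# Constructed connections, all claiming MAIL FROM @example.com.
SAMPLES = [
    ("198.51.100.40", "outbound host next to the MX"),
    ("192.0.2.99", "host next to the web server"),
    ("203.0.113.77", "legitimate mail via a third-party relay"),
    ("203.0.113.78", "forged sender"),
]


def evaluate(samples, domain="example.com"):
    """Map each sample to its best-guess result."""
    return [(ip, note, best_guess(ip, domain)[0]) for ip, note in samples]


if __name__ == "__main__":
    for ip, note, result in evaluate(SAMPLES):
        print(f"{ip:15} {result:8} {note}")
```

The last two samples get the same result, so a policy that rejects everything short of "pass" rejects both.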
