
Re: [spf-discuss] Rejecting "Best-Guess" failures

2006-07-20 13:29:57
On Thursday 20 July 2006 16:17, Robert Millan wrote:
> On Thu, Jul 20, 2006 at 03:37:31PM -0400, Scott Kitterman wrote:
> > I think no matter what you say it will reflect negatively on the SPF
> > project since the only people that will read this message are the false
> > positives. Given that, what you've written is pretty good.
>
> Are you sure?  Note that the phrase in which SPF is mentioned is quite
> positive.  I.e. it presents it to the reader as the solution of the
> problem, rather than the cause of it.

Keep in mind that one of the things that I do is answer web site submission
queries, so I may be biased because I deal with lots of people who the first
time they heard of SPF was when their mail wouldn't go through <rant>(I will
say again that DNS providers must not publish SPF records for their customers
without consulting them - people who use DNS providers that are willing to
make arbitrary changes to their DNS records without consulting should find a
different provider) </rant>.

As I said, I can't think of a way to make it better.

> Ok, in some rocambolesque way, it is the cause since the reason I'm able to
> do this kind of rejects is because:
>
>   - SPF-related tools aided me in doing a "best-guess" test.
>   - Without the existence of any verification system such as SPF, this
>     reject would be impossible to solve, and therefore I wouldn't use it.
>
> but this is not how I present it in the message, at least.  That said,
> suggestions are welcome of course.  Do you think it'd actually be better if
> SPF wasn't mentioned at all?

No, if you are going to do it, giving them the solution is the right answer.

> > Stuart Gathman has written about his 3 strikes rule on this list several
> > times (see the archives).  Although somewhat more complex, I think it is
> > likely to give a more reasonable result.
>
> I tried to find the reference but all I could find is:
>
>   "you must have at least one (valid version) of the three 2821 IDs I
>   check: PTR, HELO, MFROM (SPF)"
>
>   from
>   http://www.mhonarc.org/archive/html/spf-discuss/2005-11/msg00255.html
>
> What does this mean?

It means that he tests an inbound message for three things:

1.  Does the client IP have a reverse DNS PTR record?
2.  Does it use a legit (FQDN) HELO name?
3.  Does the mail from of the message Pass SPF?

Any one of those is enough to save the message from outright rejection.

Scott K
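
Added example, not part of the original message and not Stuart Gathman's own code: the three checks listed above, written as a Python policy function that rejects only when all three fail. The function names and the constructed PTR table are hypothetical; it assumes the SPF result string comes from a separate SPF checker and that the HELO test is syntactic only.

```python
import ipaddress
import re
import socket

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed PTR table (documentation addresses) so the example runs offline.
SAMPLE_PTR = {"192.0.2.10": "mail.example.org"}

def sample_lookup(ip):
    """Stand-in for socket.gethostbyaddr backed by SAMPLE_PTR."""
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return (SAMPLE_PTR[ip], [], [ip])

def helo_is_fqdn(helo):
    """Check 2: is the HELO argument syntactically a fully qualified name?"""
    name = helo.rstrip(".")
    if not name or len(name) > 253 or name.startswith("["):
        return False  # empty, too long, or an address literal like [192.0.2.1]
    try:
        ipaddress.ip_address(name)
        return False  # bare IP address, not a name
    except ValueError:
        pass
    labels = name.split(".")
    if len(labels) < 2 or labels[-1].isdigit():
        return False  # single label ("localhost") or numeric last label
    return all(_LABEL.fullmatch(label) for label in labels)

def has_ptr(client_ip, lookup=socket.gethostbyaddr):
    """Check 1: does the client IP have a reverse DNS name?"""
    try:
        return bool(lookup(client_ip)[0])
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return False

def three_strikes(client_ip, helo, spf_result, lookup=socket.gethostbyaddr):
    """Return (reject, passed); reject is True only if all three checks fail."""
    checks = {
        "ptr": has_ptr(client_ip, lookup),
        "helo": helo_is_fqdn(helo),
        "spf": spf_result.lower() == "pass",  # check 3: MAIL FROM passed SPF
    }
    passed = [name for name, ok in checks.items() if ok]
    return (not passed, passed)
```
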
