In <20060731130543(_dot_)D09C74455(_at_)mailout01(_dot_)controlledmail(_dot_)com> Scott Kitterman <scott(_at_)kitterman(_dot_)com> writes:

>> Or can I configure policyd to reject SPF_NEUTRAL for hotmail.com.
>> How can that be done, ( what about non compliance to SPF )
>
> It's not compliant with RFC 4408, but sometimes the receiver has to do what
> the receiver has to do.

RFC4408 says:
* You can, if you want, reject email based solely on an SPF FAIL. You
can pick and choose which FAILs are important to you, but you don't
need to give any other explanation.
* You *must* treat NEUTRAL and NONE the same. If you treat NEUTRAL
more harshly, that will discourage people from publishing SPF records
at all. Earthlink, for example, removed their SPF records claiming
that publishing them would increase the chance of their legitimate
email being rejected. (I think Earthlink is wrong here, but then,
these are also the folks that think that challenge-response is a
good idea.)
* You must not reject email based *solely* on an SPF SOFTFAIL.
Really, that should have been said for other results, such as
NEUTRAL/NONE. You need some other reason in conjunction, such as
other spam indicators such as DNSBLs or reputation systems, or even
just a local policy.
So, you can certainly reject on NEUTRAL/NONE and still be in
compliance with RFC4408. If you reject all email that has
NEUTRAL/NONE, then you can even say that it is due to your policy
to reject all email that doesn't get an SPF PASS. If you choose to
pick and choose, and only reject NEUTRAL/NONE from certain domains,
then you should make it clear that you are picking and choosing and
that it isn't a direct result of the SPF check.
-wayne
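
As an added illustration (not part of wayne's message and not policyd's own code), the result handling described in the post above can be written as one decision function that records whether a rejection rests on SPF or on local policy. `LocalPolicy`, `Verdict`, `decide` and the reply strings are hypothetical names chosen for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LocalPolicy:                      # hypothetical receiver settings
    require_pass_for_all: bool = False  # blanket rule: only SPF pass is accepted
    require_pass_domains: frozenset = frozenset()  # selective rule per domain

@dataclass(frozen=True)
class Verdict:
    action: str   # "accept" or "reject"
    basis: str    # "spf", "local-policy" or "none"
    reply: str    # SMTP reply text shown to the sender

def decide(spf_result, domain, policy, other_indicators=0):
    """Map an SPF result to a verdict; other_indicators counts DNSBL or
    reputation hits from elsewhere in the pipeline."""
    result, domain = spf_result.lower(), domain.lower()
    if result == "pass":
        return Verdict("accept", "none", "250 OK")
    if result == "fail":
        return Verdict("reject", "spf", f"550 5.7.1 SPF fail for {domain}")
    if result in ("neutral", "none", "softfail") and policy.require_pass_for_all:
        return Verdict("reject", "local-policy",
                       "550 5.7.1 Local policy: only mail with an SPF pass is accepted")
    if result == "softfail":
        # Never rejected on softfail alone; another indicator must agree.
        if other_indicators > 0:
            return Verdict("reject", "local-policy",
                           "550 5.7.1 Local policy: softfail plus other spam indicators")
        return Verdict("accept", "none", "250 OK")
    if result in ("neutral", "none"):
        # One branch for both results, so neutral is never handled more harshly.
        if domain in policy.require_pass_domains:
            return Verdict("reject", "local-policy",
                           f"550 5.7.1 Local policy for {domain}: SPF pass required "
                           "(selective rule, not an SPF result)")
        return Verdict("accept", "none", "250 OK")
    # temperror/permerror are not covered by the post; accepted here as an assumption.
    return Verdict("accept", "none", "250 OK")

if __name__ == "__main__":
    selective = LocalPolicy(require_pass_domains=frozenset({"hotmail.com"}))
    for res in ("pass", "fail", "softfail", "neutral", "none"):
        print(res, decide(res, "hotmail.com", selective))
```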