On Thu, 16 Nov 2006, Scott Kitterman wrote:
Another way to put it is that DSNs are no problem as long as everyone does
something that almost no one does and it's impossible for a lot of us to do.
We all agree that DSNs MUST NOT be sent for SPF fail (except perhaps
for specific braindead domains listed in a policy database).
We all agree that DSNs SHOULD be sent for SPF pass (except for blacklisted
spammers).
We all OUGHT to agree that DSNs CAN be sent for SPF softfail, since the
domain owner is essentially asking for feedback.
The disagreement is over sending DSNs for SPF neutral/none. While
my personal and business domains simply reject anonymous mail, pymilter has
configuration options to send DSNs (rate limited to 1/month by default)
instead. This option is used at various clients because their customers have
braindead email and never see a REJECT. (And of course never get even a
guessed SPF pass because of braindead email.) This is controversial, but no
one has suggested a better option.
Actually, I just thought of an improvement as I wrote the above.
Correspondents are auto-whitelisted by outgoing mail. This auto-whitelist
has no effect without SPF pass. However, it could enable sending DSNs
for SPF neutral/none to whitelisted domains when the default policy is
to reject. This would limit backscatter to known relevant domains.
This doesn't address new correspondents, however.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735