spf-discuss

Re: [spf-discuss] SPF TXT Questions re Effectiveness

2006-11-19 20:03:47
On Sun, 19 Nov 2006, George Hitz wrote:

    The quantity of these bounced e-mails is as plentiful as
    always indicating to me that something is not working.
    They do not appear to be going away.

    This process is quite difficult for me to get my hands
    (and mind) around to understand just what is going on.

    Can someone help, please?  

Not everyone checks SPF.  Some of those that do are afraid that you
might not have really meant it when you published instructions to 
reject the forged mail.  (This is because some people have published
erroneous SPF records and then complained because their mail was
rejected as requested.)

The SPF community needs to work on getting people to do a proper job
of *checking* the SPF records.  There are quite a few domains that
publish them now, but people are timid about checking them, and often
check them incorrectly (like checking relays from a secondary MX
or a non-SRS forwarder).

I sign outgoing mail with SRS to keep remaining bounced forgeries and forged
bounces out of my mailbox.  (Forged bounces are sent directly from a spammer;
bounced forgeries are sent from systems receiving forged mail.)

The good news is that those who check and reject SPF fail won't see the
spam sent in your name.

BTW, you should always *reject* SPF fail, not just discard it.  If 
there *is* a mistake in an SPF record, then the sender will see the
rejection and be able to fix it (small domain) or report the problem
to the mail administrator (large domain).  You should NEVER EVER
send a DSN or autoresponse for SPF fail (except to get the attention of
specific braindead domains with severe problems).

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
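
The receiver-side policy described in the message above (skip the check for mail relayed by your own secondary MX, and reject SPF fail during the SMTP session instead of discarding or bouncing it), as an added example that is not part of the original post. The record, the addresses, and the names `check_spf`, `smtp_decision` and `TRUSTED_RELAYS` are constructed for illustration, and the SPF evaluation is deliberately limited to the `ip4`, `ip6` and `all` mechanisms.

```python
import ipaddress

# Constructed sample data (assumptions, not from the original post).
SPF_RECORDS = {"example.org": "v=spf1 ip4:192.0.2.0/24 -all"}
# Our own secondary MX / known forwarders: their IP is not the sender's.
TRUSTED_RELAYS = [ipaddress.ip_network("198.51.100.25/32")]
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, domain, records=SPF_RECORDS):
    """Simplified SPF check: only ip4, ip6 and all mechanisms are handled."""
    record = records.get(domain)
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            raise NotImplementedError("mechanism not handled here: " + term)
        net = ipaddress.ip_network(value, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def smtp_decision(client_ip, mail_from_domain):
    """Decide at MAIL FROM time; returns (action, smtp_reply)."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip.version == n.version and ip in n for n in TRUSTED_RELAYS):
        # Relayed mail: checking the relay's IP against SPF would be wrong.
        return ("skip", None)
    if check_spf(client_ip, mail_from_domain) == "fail":
        # Reject in-session: the connecting client gets the 5xx and we never
        # generate a DSN or autoresponse to the (possibly forged) sender.
        reply = "550 5.7.1 SPF fail: %s is not authorized by %s" % (
            client_ip, mail_from_domain)
        return ("reject", reply)
    return ("accept", None)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.7", "198.51.100.25"):
        print(ip, smtp_decision(ip, "example.org"))
```

Because the 5xx reply goes to whichever host is connected, a legitimate sender with a broken record sees the rejection, while a forged envelope sender receives nothing from this server.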


-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/