-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alex van den Bogaerdt wrote:
Some people involved in SPF think it is a good idea to publish
something like: "v=spf1 ?include:outbound.mailhop.org -all"
in this case. Others, and I am one of them, disagree.
I am one of those who think that servers that cannot guarantee to prevent
cross-user forgery should be published using "?" rather than "+". Or, you
can of course always publish them with "+" and _take_ the risk.
I'd reserve "?" for "don't know". For instance, you think you have
migrated all users to your brand new mail hub, but some people may
still be using provider "x"'s servers to send their mail. In such
a case you could "?include:x".
Whatever you do, don't publish ?include:... and ?all in the same
policy. That would be silly, as you could easily remove "?include:..."
in such a case and end up with effectively the same policy.
"?all" is for wimps and for those who are unable to clearly define their
e-mail sending infrastructure (which is bad). I recommend using it only
while testing your SPF policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFcdR2wL7PKlBZWjsRAu8fAJ4mQjibZ230pIn6VRBLNGAKtC/+vwCfWwrL
ME6TpVuPNiG5Xf9Fp0VChnA=
=M+MP
-----END PGP SIGNATURE-----
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735