spf-discuss

RE: [spf-discuss] SPF TXT Questions re Effectiveness

2006-12-02 16:35:57
Scott Kitterman wrote on Saturday, December 02, 2006 2:24 PM -0600:

Yes, [I'm] one of those people that suggest Neutral for shared
servers not protected against cross-user forgery is something one
ought to consider.

To make it clearer to the original poster as well as others with the
same question, here are a few ways to express these differences.  For
George's outbound mail setup:


1) v=spf1 include:outbound.mailhop.org -all

SPF results: PASS when from hosts listed in outbound.mailhop.org, FAIL
when from any other host.

Use this when: you only send mail from the designated hosts and you
trust them to limit forgery of your domain. Recommended.


2) v=spf1 ?include:outbound.mailhop.org -all

SPF results:  UNKNOWN when from hosts listed in outbound.mailhop.org,
FAIL when from any other host.

Use this when: you only send mail from the designated hosts yet you do
not trust them to limit forgery of your domain.  Acceptable for SPF,
though not recommended as a mail sending arrangement.


3) v=spf1 include:outbound.mailhop.org ?all

SPF results:  PASS when from hosts listed in outbound.mailhop.org,
UNKNOWN when from any other host.

Use this when: you send some mail from the designated hosts and you
trust them to limit forgery of your domain, and you also send some mail
from other unspecified hosts.  Not recommended.


When considering either 1 or 2 above, it is recommended to first test
with ~all instead of -all.

SPF publishers should also consider that SPF is meant to provide
moderate protection against forgery, not assure at the level of
electronic signatures.  Thus, trusting a shared host to limit forgery of
your domain should be interpreted in this context.  If forgery within
the shared host is possible but very unusual, and system administration
deals effectively with forgery once reported, and you are not a
high-value target for forgery, then it may be appropriate to declare
that you trust your shared host.

--
Seth Goodman
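
The three records above, run through a minimal SPF evaluator. This is an added example, not part of the original message and not code from the SPF project. The ip4 range standing in for outbound.mailhop.org and both client addresses are constructed, and only the ip4, include and all mechanisms are handled. Results use the RFC 4408 name "neutral" for the "?" qualifier, which the message calls UNKNOWN.

```python
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed stand-in for DNS; the real outbound.mailhop.org record is not on the page.
ZONE = {"outbound.mailhop.org": "v=spf1 ip4:192.0.2.0/24 -all"}

POLICIES = {
    1: "v=spf1 include:outbound.mailhop.org -all",
    2: "v=spf1 ?include:outbound.mailhop.org -all",
    3: "v=spf1 include:outbound.mailhop.org ?all",
}

def check_host(ip, record, zone=ZONE, depth=0):
    """Evaluate an SPF record for a client IP; first matching term wins."""
    if depth > 10:                      # guard against include loops
        return "permerror"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            target = zone.get(arg.lower())
            inner = check_host(ip, target, zone, depth + 1) if target else "none"
            if inner in ("none", "permerror"):
                return "permerror"
            # Only an inner pass is a match. The included record's own -all
            # just means "no match here"; it does not fail the message.
            matched = inner == "pass"
        else:
            return "permerror"          # mechanism outside this example's scope
        if matched:
            return RESULT[qualifier]    # the outer qualifier decides the result
    return "neutral"                    # no term matched

def results(listed="192.0.2.25", other="198.51.100.7"):
    """(result for a designated host, result for any other host) per policy."""
    return {n: (check_host(listed, r), check_host(other, r)) for n, r in POLICIES.items()}

if __name__ == "__main__":
    for n, pair in results().items():
        print(n, POLICIES[n], pair)
```

Replacing -all with ~all in record 1 turns the result for an unlisted host into softfail, which is the test configuration suggested above.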
