spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [spf-discuss] Re: HARDPASS again

2006-12-02 21:48:33
from [Mark] [Permanent Link] 
-----Original Message-----
From: Stuart D. Gathman [mailto:stuart(_at_)bmsi(_dot_)com]
Sent: zondag 3 december 2006 2:37
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Re: HARDPASS again



      A Modest Proposal: Intensifiers for SPF Results

We should introduce the '*' character as an "intensifier" to
mean "I really mean it". So, for example, the policy:

"spf3.14 ip4:1.2.3.4 *-all"

says FAIL, and I REALLY MEAN FAIL, if the connect ip is
not 1.2.3.4.


Honestly, I cannot say I like the idea much. Few reasons:

1): We already have a distinction between REALLY mean "fail" and being
not-so-sure: "fail" and "softfail" respectively.

2): To "intensify" fail as "*-all" is just another way of de-intensifying
"-all". It just means that "-all" pretty much loses all its effective
meaning as "fail", and would only effectively become fail, or be
interpreted as fail, when one or more intensifiers are applied.


The beauty of this system is that it can applied iteratively.
When people are still afraid to reject forged mail with a *FAIL
result, because you didn't mean it enough, you can up the
ante by just adding another '*':


3): The 'beauty' of the system is also its weakness, because, as sender,
you can no longer entertain reasonable expectations as to what will happen
on "-all"; or even on "*-all". The sender who published "-all" can then
not at all rely on "fails" being rejected (nor even have a reasonable
expectation thereof.) It will then just be a matter of how serious the
receiver takes you. And that undermines SPF, even; because the whole
publishing SPF-records is predicated on the premise of having more-or-less
reasonable expectations towards receivers that they will follow your
published records. But for them to even be able to cooperate with you, the
meaning of your qualifiers cannot be so fuzzy that it's just basically
guess-work.

4): Which brings me to my last point. You'd think that "how serious the
receiver takes you" will be dependent on the amount of stars you add. But
I doubt that. In fact, I venture to speculate that people will soon become
'desensitized' to anything which is say, less than 5 stars. Like hotels.
Who'd ever go to a luxurious hotel that has not at least 4 stars? Nobody;
if it has not 4 or 5 stars, people don't consider it a deluxe hotel any
more. My point being: eventually we'd all just wind up publishing 5 stars
of "intensity". And then I say: why bother with it to begin with?

Really, between "neutral", "fail" and "softfail", I'd say senders have
plenty enough gradation to choose from.

- Mark 
 
        System Administrator Asarian-host.org
 
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] Re: SPF TXT Questions re Effectiveness, Alex van den Bogaerdt
Next by Date:  RE: [spf-discuss] Re: SPF TXT Questions re Effectiveness, Seth Goodman
Previous by Thread:  RE: [spf-discuss] Useful SPF results, Seth Goodman
Next by Thread:  RE: [spf-discuss] Re: HARDPASS again, Stuart D. Gathman
Indexes:  [Date] [Thread] [Top] [All Lists]