spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [spf-discuss] Useful SPF results

2006-12-04 14:29:56
from [Seth Goodman] [Permanent Link] 
Scott Kitterman wrote on Monday, December 04, 2006 6:04 AM -0600:


Mechanism in a record that start with ? aren't terribly useful.
Agreed.

What is useful is the -all at the end which some people would be
unable to publish without the option for ?mechanism.


I think the disconnect here, in the terms Wayne introduced, is between
what the sender wants to say and the recipient needs to hear.  Senders
may think, "my outgoing mail is legitimate, so I don't want to say
anything that might increase the chance of rejection; at the same time,
recipients shouldn't hold me responsible for forgeries that my provider
permits".  That is clearly unrealistic, yet SPF unfortunately encourages
such statements.

The case you bring up is when the sender wants the recipient to reject
all messages that use their domain name from undesignated hosts, but
their designated hosts are untrusted, so they want the recipient to act
as if there were no SPF record.  I can understand this desire on the
part of the sender, but consider it from the recipient's point of view.
What might the recipient do differently if the result for a listed host
were neutral rather than pass?

Some say the recipient can flag the message for further scrutiny.  In
practice, that means proceeding through data and assigning the message
demerits in a content filter.  This has a large potential for unexpected
results and doesn't reduce the recipient's effort.  Similarly, some
suggest that recipients refrain from applying reputation for messages
with neutral SPF results.  That doesn't make sense for untrusted
senders, and is unnecessary for trusted ones.  It is not productive to
allow untrusted senders to declare that reputation systems do not apply
to them.  This is nonsense to recipients, and they're the ones we expect
to check SPF.

--
Seth Goodman

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] SPF and anti-SPAM legislation, Scott Kitterman
Next by Date:  RE: [spf-discuss] Useful SPF results, Stuart D. Gathman
Previous by Thread:  Re: [spf-discuss] Useful SPF results, Scott Kitterman
Next by Thread:  RE: [spf-discuss] Useful SPF results, Stuart D. Gathman
Indexes:  [Date] [Thread] [Top] [All Lists]