Seth Goodman wrote:
My counter is still one pseudo-551 since 2004-05 (zero in 2006).
Your counter for forwarded message rejections, as well as everyone
else's, is low because recipients are not rejecting on SPF fail.
If they silently drop FAIL I might not note it, but there was no
case where I expected an answer, didn't get it, checked why, and the
receiver said "oops" claiming that SPF + forwarding was the issue.
For about two receivers I can't tell why they never answered, maybe
they filtered nobody(_at_)(_dot_)
We have it clear that "reject FAIL at the border MX" is always okay,
the sender knows what to do with the resulting bounce. And for the
RECOMMENDED checks at the border "reject" is also the only plausible
reaction. Unless the HELO is white-listed, i.e. when the MAIL FROM
is never tested.
Another place to check SPF is in or near the MUA, SpamAssassin magic.
That's not recommended because it's tricky. But if users get a FAIL
in this scenario they'd know their own forwarding arrangements.
Finally the check resulting in a FAIL can be somewhere behind the
border and bfore (or on) the MDA. Too late for a reject, therefore
noting FAIL in a Received-SPF. That's really dangerous, because in
this scenario the users behind this SPF checker might be clueless:
99.99% of their Received-SPF: FAIL are spam, 0.01% are the result of
their own legacy forwarding, guess once what happens. Or let some
Bayes filter decide it. Violating a SHOULD in an RFC has a price.
It would be a serious mistake to assume that alias forwarding will
go away any time soon
I don't care _when_ it's substituted by one of the many ways to get
a similar effect without the "keep MAIL FROM as is" stunt. Stating
that it _must_ go away sooner or later is the point of SPF FAIL.
Frank
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735