spf-discuss
[Top] [All Lists]

RE: [spf-discuss] Re: "pretend" MAIL FROM

2007-03-15 18:54:41
On Thu, 15 Mar 2007, Seth Goodman wrote:

Except I'd be rejecting most of them on SPF fail.

Starting off with the idea that you will reject on SPF fail unless the
sender is whitelisted is one way to solve the problem.  This certainly
works, but it's not terribly practical for large systems.  As you have

Such a policy would be *per recipient*, as I outlined in best practices.
If a mail user didn't setup forwarders, you don't reject on SPF fail
for that user. 

One approach is to move beyond the idea that you reject on SPF fail for

While large systems can fall back to IP blacklists, that is not practical
for a small system, and rejection on FAIL is essential.  A large system
would of course not reject on fail for every user, as I have said
many times.  In best practices, we recommend that large system
delay checking SPF until RCPT TO so that such policies can be
per user.

down to IP.  Because of the prevalence of alias forwarding, SPF fail on
MAIL FROM can be viewed as the absence of a confirmed MAIL FROM identity
to assess for reputation.  Other confirmed identities for a sender may
still have sufficient positive reputation to accept mail from them.  In

The goal here is to reject *more* mail.  There is too much as it is.
You suggestion might be appropriate for a large system for specific
users that haven't configured forwarders.  Admittedly, probably most
of them - but at least power users get some real SPF fail rejection.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735