spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[spf-discuss] Revising FAIL

2008-01-05 03:18:28
from [Alessandro Vesely] [Permanent Link] 
The current paragraph reads

2.5.4.  Fail

   A "Fail" result is an explicit statement that the client is not
   authorized to use the domain in the given identity.  The checking
   software can choose to mark the mail based on this or to reject the
   mail outright.

I'd rather see

   A "Fail" result is an explicit statement that the client is not
   authorized to use the domain in the given identity.  The checking
   software MUST reject the mail outright.

Marking may allow messages with abused names to hit users. SPF should
avoid exactly that. There are no false positives, since the domain
owner is the direct origin of such "explicit statement". (Yes, there
may be errors in the SPF setup, that's why SOFTFAIL exists. See next
post.)

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: 
http://v2.listbox.com/member/?member_id=2183229&id_secret=82133590-64c6c5
Powered by Listbox: http://www.listbox.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [spf-discuss] Revising SPF before April 2008, Alessandro Vesely
Next by Date:  [spf-discuss] Revising SOFTFAIL, Alessandro Vesely
Previous by Thread:  [spf-discuss] Revising SPF before April 2008, Alessandro Vesely
Next by Thread:  [spf-discuss] Re: Revising FAIL, Julian Mehnle
Indexes:  [Date] [Thread] [Top] [All Lists]