
[spf-discuss] Re: Revising FAIL

2008-01-05 04:30:58

Alessandro Vesely wrote:
> The current paragraph reads
>
> 2.5.4.  Fail
>
>     A "Fail" result is an explicit statement that the client is not
>     authorized to use the domain in the given identity.  The checking
>     software can choose to mark the mail based on this or to reject the
>     mail outright.
>
> I'd rather see
>
>     A "Fail" result is an explicit statement that the client is not
>     authorized to use the domain in the given identity.  The checking
>     software MUST reject the mail outright.
>
> Marking may allow messages with abused names to hit users. SPF should
> avoid exactly that. There are no false positives, since the domain
> owner is the direct origin of such "explicit statement". (Yes, there
> may be errors in the SPF setup, that's why SOFTFAIL exists. See next
> post.)

The problem with mandating receiver policy is that receivers are going to 
ignore it at will.  Receivers will always do what they think is best for 
them.

The current wording merely suggests possible reactions to the "Fail" 
result but does not mandate anything.  I think it's better that way.
