spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Re: Revising FAIL

2008-01-09 03:59:02


--On 8 January 2008 17:53:27 -0700 WebMaster(_at_)Commerco(_dot_)Net wrote:


Furthermore, why do you care whether the receiver rejects "Fail" messages
from your domain, or marks them, or drops them on the floor, or feeds
them into their /dev/random?  What difference does it make to you?

Given the choices above, it makes no difference.  I was thinking of
bounce back messages to my servers, which does make a difference.
Perhaps I've forgotten yet another thing about SPF, but does the spec
already provide for recommending the stopping of bounce back messages
from occurring when a domain name is spoofed and SPF "Fail"s?

It does make a difference.

You don't want the receiver bouncing messages. That way, you'll just get hammered by spam blowback. What sense does it make for a recipient to configure their system to return messages to addresses that they've just decided are probably forged?

What you want is for the receiver to reject messages, so that a legitimate forwarder (who's presumably seen an SPF pass) can bounce them back to the sender. That way, the sender can choose to use another contact method - perhaps phone the recipient to alert them that their forwarding is broken.

Remember, rejecting a message is simply saying "I won't accept this for delivery". It's then up to the sender to decide whether to bounce it. Legitimate senders should do that, spammers of course don't.

--
Ian Eiloart
IT Services, University of Sussex
x3148

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: 
http://v2.listbox.com/member/?member_id=2183229&id_secret=83595447-9c7ff6
Powered by Listbox: http://www.listbox.com