
[spf-discuss] Re: How to mark domains that do / do not wish to receive email

2008-03-31 23:03:28
Alessandro Vesely wrote:

Nobody is forced to publish a sender policy.  When folks do it
they will hopefully cover their HELOs and their mail addresses.
 
That implies the main usage for SPF is to discard misdirected
bounces.

SPF PASS also has its uses, also in policies without FAIL.  After
a PASS *not* sending a non-delivery report and drop the mail would
be really odd.  I'd say SPF is pro "good" and anti "bad" bounces.

Only discarding misdirected bounces after the fact, that is BATV,
and BATV is better than SPF for this narrow purpose, where it can
be used.  BATV tries to cure the symptom, SPF tries to cure the
disease.  Trying both simultaneously is also fine... ;-)

"v=spf1 -all" can be good, it allows to reject forged mail from
any@www.example.
 
That causes no harm to the owners of the example domain, correct?

Yes.

The owners could also decide that misdirected bounces to
any@www.example are no problem from their POV without MX for or
SMTP at www.example.
 
Why would they do so? That decision can be a problem for other 
domains, who will accept mail from any@www.example

They could do this if publishing hundreds or thousands of "-all"
policies indicating "doesn't send mail" is an administrative pain.

Spammers are interested to forge plausible addresses, an A or AAAA
without MX or SMTP isn't good enough for "call back verification",
and therefore protecting it might be pointless.  Assumptions about
spammers and CBV are of course shaky, spammers do whatever works 
for them, and "plausibility" might not enter the (their) picture.

An alternative to having a zone cut is to campaign for the addition
of "mail" RRs for each A record. A "mail" RR should be an SPF/TXT
"v=spf1 -all", an MX 0 521-smtp-stub.example.com, or similar stuff.

Would that be any better for either the domain owners or the mail
community as a whole?

After a long battle about "MX required for IPv6 in 2821bis" after
Keith decided to give up on saying this in 2821bis I also gave up :-(

Some folks would support a separate RFC saying this about IPv6.

For IPv4 the nullmx idea might be okay, see the discussion on the
SMTP list.  For IPv6 I don't see why billions of toasters and other
devices should need a nullmx to "opt out" from mail.  It is better
than "v=spf1 -all" for two reasons I'm aware of, but for IPv6 I'd
prefer a mandatory MX as "opt in".

 Frank
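
Added example, not part of the message above: a small audit over zone data that finds names with an A or AAAA record but no MX and reports whether each one publishes an SPF policy, then generates the "v=spf1 -all" records for those that do not. The zone contents, function names and status labels are constructed for illustration, and the generated records assume those hosts send no mail and do not use their name in HELO.

```python
from collections import defaultdict

# Constructed sample zone data as (owner, type, rdata); not from the message.
SAMPLE_ZONE = [
    ("example.", "MX", "10 mail.example."),
    ("example.", "TXT", "v=spf1 mx -all"),
    ("mail.example.", "A", "192.0.2.25"),
    ("mail.example.", "TXT", "v=spf1 a -all"),
    ("www.example.", "A", "192.0.2.80"),
    ("ftp.example.", "AAAA", "2001:db8::21"),
    ("ftp.example.", "TXT", "v=spf1 -all"),
    ("toaster.example.", "AAAA", "2001:db8::7"),
    ("toaster.example.", "TXT", "site-verification=constructed"),
]

def is_spf(txt):
    """True if a TXT string is an SPF record (version tag 'v=spf1')."""
    return txt.lower().split(" ", 1)[0] == "v=spf1"

def audit(zone):
    """Classify every name that has A/AAAA but no MX by its SPF coverage."""
    rrsets = defaultdict(lambda: defaultdict(list))
    for owner, rtype, rdata in zone:
        rrsets[owner.lower()][rtype.upper()].append(rdata)
    report = {}
    for owner, rrs in rrsets.items():
        if rrs["MX"] or not (rrs["A"] or rrs["AAAA"]):
            continue  # mail domains and address-less names are out of scope
        spf = [t for t in rrs["TXT"] if is_spf(t)]
        if not spf:
            report[owner] = "no-policy"     # forged use yields SPF "none"
        elif len(spf) > 1:
            report[owner] = "multiple-spf"  # receivers treat this as an error
        elif spf[0].lower().split() == ["v=spf1", "-all"]:
            report[owner] = "no-mail"       # every claimed sender fails
        else:
            report[owner] = "has-policy"
    return report

def stub_records(zone):
    """Zone-file lines to publish for names that have no SPF policy yet."""
    return [f'{owner} IN TXT "v=spf1 -all"'
            for owner, status in sorted(audit(zone).items())
            if status == "no-policy"]

if __name__ == "__main__":
    for owner, status in sorted(audit(SAMPLE_ZONE).items()):
        print(f"{owner:20} {status}")
    print("\n".join(stub_records(SAMPLE_ZONE)))
```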
