spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Senderside forwarder-problem mitigation

2009-07-08 09:17:36
On Wed, 8 Jul 2009, Scott Kitterman wrote:
V-SPF mostly gives inferior information.  In V-SPF, softdeny is pointless,
and V-SPF neutral collapses together G-SPF neutral, softdeny and fail. But
V-SPF's fail maps to something that just doesn't exist in G-SPF.

The differences are under the control of the receiver, so there is really
nothing to specify on the sender side.

Yes there is.  If the two sides are not coordinated, breakage results.

If the receiver speaks V-SPF and the sender speaks G-SPF, the forwarding
problem bites.

If the receiver speaks G-SPF and the sender speaks V-SPF, SPF becomes
ineffective as a forgery blocker because almost no V-SPF senders use -all.

In both cases SPF would be more effective if the receiver knew what form
the sender was speaking.  "fm=soft" will clarify that G-SPF was intended,
while "fm=hard" provides access to the stricter fail of V-SPF.


I suspect the original intention of SPF was to have senders write as if
for G-SPF, and for receivers to treat polices as if they were V-SPF, thus
creating a pincer that would crush the forwarders into submission.  But
this backfired completely.  Now receivers use G-SPF and many senders use
V-SPF.

Note: I consider a false positive mail rejection to hurt the sender more
than the receiver.  Thus, it does not appear to be a significant problem
that receivers might deliberately ignore "fm=hard".  The real problem is
senders who are afraid to use G-SPF because of V-SPF receivers.

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com

<Prev in Thread] Current Thread [Next in Thread>