Michael Deutschmann wrote:
The problem is that, like Microsoft SenderID, V-SPF is compromising the
effectiveness of G-SPF by leading senders to be timid in their SPF records.
I don't see much differences among various flavors (G, V, D) of SPF.
Senders who mean SPF to only be used for whitelisting desire that
receivers set, say, whitelist_from_spf in sa, and already have ~all or
?all to choose from. Senders who mean SPF to also reject forgeries set
-all.
I've always thought that we like -all better because it rejects
forgeries. You say that it would be better not to reject forgeries
because then more domains can set -all. But what would that be good
for? Whitelisting won't be whiter on "pass" when the default is -all.
The ability to reject forgeries before getting the DATA has always
characterized SPF as a different tool than SenderID. There is no point
in accepting forgeries. However, in some circumstances forgeries
cannot be easily detected. For example, sending paths for a given
domain may vary because not all users submit on domain's port 587.
Happy softfail or neutral, then.
Besides using SUBMIT, there is the example of those sloppy forwarders
at biguni.edu, which is contrary to a number of practices, including
the fact that the recipient may or may not be able to change/delete
that .forward file depending on unforeseeable circumstances.
Forwarding with an empty MAIL FROM is just as easy and doesn't break
anything, for that case. If the postmasters at biguni really care,
they can forward setting bounces to themselves, so that as soon as
they get one they can delete that dismissed account (and its .forward
file) for good.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com