> On Dec 14, 2017, at 4:06 PM, Noel Butler <noel.but...@ausics.net> wrote:
>
> On 15/12/2017 09:27, Grant Taylor via mailop wrote:
>
>> On 12/14/2017 03:28 PM, Brandon Long via mailop wrote:
>>> My point is that -all is policy, and most people ignore the policy portions
>>> of SPF because it completely fails a lot of forwarding cases.
>>
>> Every postmaster (or organization behind them) has the prerogative to run
>> their mail server(s) the way that they want to.
>
> Agreed, if I publish a -all (which I do and have done for a very very long
> time), I expect receivers doing SPF processing of my domains messages, to
> honor that! Who the hell are they to assume they know my network and its
> senders better than me.
>

They don't answer to you - who the hell are you to assume you know what their users want more than they do?

They answer to their users. If it is mail that their users are likely to want (because, for instance, they're forwarding mail from somewhere else) then they'll deliver it.

You do not dictate policy to the receiving ISP. You, at most, provide a signal to that ISP that gives them additional information about your intent and your policies. They will combine that with their other data, weighted appropriately according to their experience, demographics and policies.

The appropriate weighting for a failed SPF -all (when making delivery decisions) is probably going to be very, very low. It's not symmetrical - an SPF pass may have a significant effect on delivery decisions.

Part of the reason that the weighting for a failed SPF -all is so low is because there's widespread experience that a) those publishing it don't necessarily understand what it implies and b) recipients often actually want the mail.

If you want to argue more loudly that you *do* understand what it means you could publish a matching DMARC record with p=discard. Doing that would tell recipient ISPs that either you've actually done appropriate analysis of your mail stream, you understand that rejecting mail with SPF -all failures will cause legitimate mail to be lost and have made an informed decision. Or, at least, that you're saying that's the case. They're more likely to trust your assertion in that case - though it's still just a signal that they will combine with others before deciding whether or not to deliver an email.

(Failed SPF is still a useful signal for some things, though, particularly when deciding whether or not to send an asynchronous bounce.)

Cheers,
Steve
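
Added example, not part of the original message or of any project's code: one way to read the published signal discussed in this thread, by extracting the `all` qualifier from an SPF record and the `p=` policy from a DMARC record. The function names are hypothetical, the record strings are constructed samples, and treating `p=reject` as the policy that matches `-all` is an assumption of this example.

```python
# Added example. Record strings passed in by the caller are constructed
# samples; the function names are hypothetical.
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DMARC_POLICIES = {"none", "quarantine", "reject"}  # policy values in RFC 7489


def spf_all_result(spf_txt):
    """Result produced by the 'all' mechanism, or None if there is none."""
    terms = spf_txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return None
    for term in terms[1:]:
        # A mechanism without a qualifier defaults to '+' (pass).
        qualifier, mech = (term[0], term[1:]) if term[0] in SPF_QUALIFIERS else ("+", term)
        if mech == "all":
            return SPF_QUALIFIERS[qualifier]  # terms after 'all' are never reached
    return None


def dmarc_policy(dmarc_txt):
    """The p= value of a DMARC record, or None if absent or not recognised."""
    tags = {}
    for part in (dmarc_txt or "").split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    policy = tags.get("p", "").lower()
    return policy if policy in DMARC_POLICIES else None


def sender_stance(spf_txt, dmarc_txt=None):
    """Summarise the published signal; the receiver still weighs it with others."""
    spf, policy = spf_all_result(spf_txt), dmarc_policy(dmarc_txt)
    return {
        "spf_all": spf,
        "dmarc_policy": policy,
        # Assumption of this example: p=reject is the policy that matches -all.
        "hard_fail_backed_by_dmarc": spf == "fail" and policy == "reject",
    }


if __name__ == "__main__":
    spf = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"  # constructed
    print(sender_stance(spf))
    print(sender_stance(spf, "v=DMARC1; p=reject; rua=mailto:dmarc@example.net"))
```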