On 2017-12-15 10:06:44 (+1000), Noel Butler wrote:
> On 15/12/2017 09:27, Grant Taylor via mailop wrote:
>> On 12/14/2017 03:28 PM, Brandon Long via mailop wrote:
>>> My point is that -all is policy, and most people ignore the policy
>>> portions of SPF because it completely fails a lot of forwarding
>>> cases.
>>
>> Every postmaster (or organization behind them) has the prerogative to
>> run their mail server(s) the way that they want to.
>
> Agreed, if I publish a -all (which I do and have done for a very, very
> long time), I expect receivers doing SPF processing of my domains'
> messages to honor that! Who the hell are they to assume they know my
> network and its senders better than me?

The pros and cons of SPF -all vs. ~all have been discussed often on this
mailing list (do people read archives anymore?) and the discussion
always ends up split between the "receivers with many non-techy users
who just want their mail" and "senders who insist they know where all
their mail originates".

If you're a large enough receiver, I think you probably have enough
other data/signals to treat SPF -all fails simply as another signal in a
more elaborate scoring system.

If you're a small enough sender, you can probably insist that your users
use your MSAs.

I publish -all for my personal domain because I know all the users and I
can whitelist plain forwarders (e.g. freebsd.org). My -all indicates
that any message with an envelope @trouble.is that does not come from
one of my listed servers is so much more likely to be a forgery that I
don't care about the few exceptions.

Depending on their users, everyone will have different policies.

Philip
--
Philip Paeps
Senior Reality Engineer
Ministry of Information
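
The two receiver stances argued in this thread, side by side, as an added example that is not part of any poster's message: one honors a published -all outright (with a whitelist for plain forwarders), the other folds the SPF result into a score. The forwarder list apart from freebsd.org, the weights, the threshold, the `Message` fields and the sample messages are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed values: forwarder list, weights and threshold are assumptions.
TRUSTED_FORWARDERS = {"freebsd.org"}
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SPF_WEIGHTS = {"pass": -1.0, "neutral": 0.0, "softfail": 1.5, "fail": 4.0}
REJECT_THRESHOLD = 5.0


def result_for_unlisted_host(spf_record: str) -> Optional[str]:
    """SPF result (RFC 7208) for a host that matches only the 'all' mechanism."""
    terms = spf_record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return None
    for term in terms[1:]:
        if term == "all":  # a missing qualifier means '+'
            return "pass"
        if term[1:] == "all" and term[0] in QUALIFIER_RESULT:
            return QUALIFIER_RESULT[term[0]]
    return None  # no 'all' mechanism published


@dataclass
class Message:
    relay_domain: str   # domain of the connecting host, assumed already verified
    spf_result: str     # receiver's SPF result for the envelope sender
    other_score: float  # sum of the receiver's non-SPF signals (hypothetical)


def strict_policy(msg: Message) -> str:
    """Honor -all: reject SPF fails unless relayed by a whitelisted forwarder."""
    if msg.spf_result == "fail" and msg.relay_domain not in TRUSTED_FORWARDERS:
        return "reject"
    return "accept"


def scoring_policy(msg: Message) -> str:
    """Treat the SPF result as one weighted signal among others."""
    total = msg.other_score + SPF_WEIGHTS.get(msg.spf_result, 0.0)
    return "reject" if total >= REJECT_THRESHOLD else "accept"


SAMPLES = {  # constructed messages, all failing SPF against a "-all" record
    "whitelisted forwarder": Message("freebsd.org", "fail", 0.0),
    "unlisted forwarder": Message("alumni.example", "fail", -0.5),
    "likely forgery": Message("unknown.example", "fail", 2.0),
}
for name, m in SAMPLES.items():
    print(f"{name}: strict={strict_policy(m)} scoring={scoring_policy(m)}")
```

The "unlisted forwarder" row is where the two policies diverge: the strict receiver rejects it, the scoring receiver accepts it.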