On 7/15/19 4:56 PM, Bill Cole wrote: > On 15 Jul 2019, at 15:44, Phil Stracchino wrote:
>> The question that comes to mind here is, if one should not reject mail >> based on SPF failures, then what is even the point of checking SPF? > > A test of SPF can have exactly one out of a fixed set of 7 possible > results. A "PermError" result is not a "Fail" result, it's a technical > error. AAAAAAAAAH. I had not internalized that distinction. Thanks, that clarifies it perfectly. > BUT: to the actual point of the question, a lot of people (including me) > do not use any particular SPF result to make an absolute decision on > accepting or rejecting mail without checking other factors. An explicit > SPF "Fail" is so rare these days for mail that gets past postscreen that > it is more likely to be a mistake by the domain owner or an innocent > transparent forward of mail than an attempted forgery. Instead, I use > SPF Pass as a lightweight component of whitelisting, using > SpamAssassin's whitelist_auth mechanism, and SPF Fail is just a strong > but non-fatal SA rule, and SoftFail as a weaker rule. All of the other > results are best handled as identical: useless. Noted. Thanks for the insight. -- Phil Stracchino Babylon Communications ph...@caerllewys.net p...@co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958
