On Wed, Jul 26, 2023 at 06:44:32PM +0000, Marc wrote: > > At the risk of starting a flame war... > > > > What does "correctly setup SPF" mean to you? > > so your ip does not generate a softfail or fail
Only way to make SPF never incorrectly fail/softwail is to use "+all", but that kind of kills its point :-) (actually, even with +all, some sites will fail it - especially because of it, as +all is sign of either intentional sloppy spammer or incompetent postmaster, both likely leading to spam coming from that site). > > What makes your opinion better than someone else's opinion that differs? > > (I take it for granted that someone will have a differing opinion.) > > When you configure your spf your result is either pass, softfail or fail > I think we can agree that a correctly configured spf results in a pass, don't > you? Well *I* don't. Sometimes, maybe even often, it does. But not always. Any SPF, no matter how correctly configured, will lead to false positives in some cases (e.g. encoutering mailing list or .forward not using VERP/SRS). It is inherit in the SPF protocol (which is why DMARC checks both DKIM and SPF, in order to reduce, but not eliminate, false positives). We are NOT living in ideal world where everybody implements every existing standard. Thus, even most correctly configured SPF will sometimes softfail/fail, when it should not. Trying to pretend that the world is ideal is not really good idea; one might as well pretend that spam does not exist and save all that time wasted on implementing antispam measures :-) -- Opinions above are GNU-copylefted.
