Jason Bertoch wrote:
<pedestal>
It's my opinion that if an administrator misconfigured his SPF record, or a
number of other things on their side, it is their fault that mail cannot be
delivered. In the case of SPF_FAIL, they have explicitly told us they don't
want mail to come from a server not listed in their record and I believe we
should follow their directive. In fact, isn't that the point of SPF; to help us
reject forged messages coming from unauthorized servers? Why bother even
dealing with SPF if we're still going to let people get away with poor
administration? That's partly how we got here in the first place...
</pedestal>

Yes, I agree with that. If you're working at a financial institution
and you're pretty worried about mail forgery, then any kind of SPF Fail
should be enough for you to drop that message. Although if you're not in
that situation of extreme worry about mail forgery, I don't think SPF
fail is reason enough for rejecting messages.

Log analysis has proven that several domains, even big ones, have
bad SPF records. I agree if big-domain-admin made some mistake, it's his
fault, not mine. But please, if you convince my boss of that, I'll buy you
a beer :) Generally we, admins of not-big domains/servers, have to do
everything possible to receive messages from big-domains, including those
with crappy SPF records.

And more important ...... SPF was created to fight against email
FORGERY. It wasn't created to fight SPAM, although it helps a lot, because
spammers tend to spoof what I called big-domains. But it's easy for a
spammer to spoof some domain with no SPF records and then SPF checks are
gone !!

Are you a bank ??? Forget all this discussion and drop everything
that didn't SPF_PASS. In all the other cases, I think you'll save some
headache if you deal more gently with SPF. At least now that SPF is starting
to get deployed. In two years, when SPF becomes reality for all and
almost all domains have SPF records, then these ideas can change and SPF
failing may become a reason enough for message dropping.
--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
[EMAIL PROTECTED]
My SPAMTRAP, do not email it