> I get a lot of E-mail that would fail SPF that is in fact valid. A
> lot of mail scripts and E-commerce sites are set up to send E-mail
> notifications with the Mail From generated from a user submission
> (since one can just simply press reply in order to respond).
While that may imapct the willingness of the owners of some domains to
publish SPF policies, that's irrelevant to the legitimacy of mail that
does not conform to already published SPF policies.
> Also, some of my own customers are blocked by their ISP's from using my
> mail server for SMTP, which means that if I configured SPF strictly for
> their domains, they would fail this test wherever implemented.
That's right: if you want to prevent people from forging your domain
whenever and wherever they want, you have to prevent people from
forging your domain whenever and wherever you want--Q.E.D. Your "own"
users need to conform to your policies.
You're confusing the _obligations_ of those who want to publish SPF
records, and the related customer relationship management, for a
problem in published SPF records.
> If you opt to use SPF on your system, take advantage of the
> weighting capabilities of Declude, and I would suggest at most being
> very cautious about how much weight you give it.
Sorry, Matt, but that's a bit of FUD. If a domain owner publishes a
strict sender policy for mail using their registered domain, if I do
anything but follow that policy, I am defying the wishes of the legal
owner of the domain. To accept and deliver mail as legitimate that is
known to be illegitimate--the SPF policy, not my subjective notion of
message content, dictates legitimacy--is putting your faith in the
wrong place. I d**n sure hope that nobody is testing for SPF and
delivering mail for the domains for which I have published policies,
especially without contacting us--I'd have very strong words for them.
Of course, it's incumbent upon the domain owner to make sure that
their SPF policies, their AUP, and their customer relationships are in
order. But I _must_ trust that they are, or I am behaving most
illogically. We HOLD on SPF FAIL.
--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
