Comments inline > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of SM > Sent: Thursday, February 26, 2009 10:05 AM > To: Hector Santos > Cc: [email protected] > Subject: Re: Concluding the SPF and Sender ID experiments > > > Hi Hector, > At 05:28 26-02-2009, Hector Santos wrote: > >I don't see the logic connection. > > The first part of the comment was about the note. That note mentions > how the two experiments can affect each other. It goes on to say > that the heuristics could be applied incorrectly. > > >A SPF hard fail result is a strong indicator that the DOMAIN wants a > >rejection - no guessing, no 2nd thoughts. >
+1 > There was a comment about phishing and that receivers use the > pass/fail from SPF1 tests as a strong indicator to assess the > validity of the message. > No, what I meant (or intended to communicate) is that testing in conjunction with receivers has shown a very high correlation between phishing emails and SPF failures where the abused domain has published a strong SPF record (ending in -all). > >For us, the whole point of SPF1 is not to use heuristics at the SMTP > Level. > No heuristics. If a domain publishes a record using "-all", they are indicating that mail not originating from the hosts indicated didn't originate from them. IBM publishes a simple -all for ibm.com. That is a statement that if you receive connections for mail (Mailfrom) purporting to be from the domain ibm.com it isn't their mail. > It is used for heuristics at the 5322 level. > > >But hard fail at SMTP transport level? ---> REJECT! +1 > > > >System that ignore the hard fail policy of a domain are just > >creating problems for domains that desire it by watering down the effect. > +1 > Do these domains publish v=spf1 and spf2.0 records? Mine do but the spf2.0 is just to specify mfrom to avoid the use of PRA against our domains.
