On 21/05/2017 14:52, frnk...@iname.com wrote:
> sm,
> Do you think the sending domain was not aware of that when they wrote the
> policy?

I think a lot of the disagreement comes from differing views on priorities.

For some people, the danger of receiving forged messages is paramount,
so rejecting messages that could potentially be forged (e.g. due to SPF
failures) is important to them.

For other people, the chance of lost messages (especially due to
forwarding) is important, so you shouldn't reject based on SPF.

I often hear people say that email is "broken" because it's easy for
people to forge sender addresses, and I know it makes people more
reluctant to rely on email. Unfortunately, MTA mail forwarding is very
similar to forging a message (unless DKIM is also used).

Personally, I think forwarding should have died out years ago, but it
seems a hard habit to wean people off, despite it not working well in
today's 'reputation-based' email system (any MTA which automatically
forwards mail WILL forward spam). I know some people disagree with me.

I think if you are running a common forward target (gmail, Hotmail,
Yahoo etc or even a big ISP) then you should probably be more forgiving
of SPF 'fail' results than a small mail server operator which is much
less likely to have random people forwarding mail to them.

Apart from forwarding, you often get mail administrators who haven't got
a clue about how SPF works, and/or haven't got a clue about which mail
servers may send mail from their domains.

I know that compared to a year or two ago, we are now getting more and
more people reporting deliverability problems of their own sent mail due
to SPF errors they've made. This suggests to me that the general view is
shifting towards "potentially forged messages are bad" and away from
"deliver at all costs".

Personally, I think I'd rather have SPF PermError or Fail generate
delivery failure reports rather than just have messages end up being
quarantined. At least that way the sender could have a chance to fix the
problem rather than believing that their messages have been delivered
successfully. Again, I realize people disagree with me. I'm not saying
I'm right, just that that's my opinion. I certainly wouldn't configure a
receiving mail server that way without the responsible people of the
recipient domain agreeing and being aware of the consequences.
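
Added example, not part of the original message: a minimal SPF check showing why a forwarding MTA that keeps the original envelope sender gets the same 'fail' as a forger, and how a record typo yields PermError. The domains, addresses, records and the receiver_action mapping are constructed assumptions; only ip4, ip6 and all are implemented, and any other term is reported as permerror in this sketch.

```python
import ipaddress

# Constructed sample policies; all names and addresses are documentation values.
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "typo.example": "v=spf1 ipv4:192.0.2.0/24 -all",  # "ipv4" is not a mechanism
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse(record):
    """Return [(result_if_matched, network_or_None)]; ValueError on bad syntax."""
    terms = []
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = term[1:] if term[0] in QUALIFIERS else term
        name, _, arg = body.partition(":")
        if name == "all" and not arg:
            terms.append((QUALIFIERS[qualifier], None))
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)  # ValueError if malformed
            terms.append((QUALIFIERS[qualifier], net))
        else:
            # a, mx, include etc. need DNS and are left out of this sketch
            raise ValueError("unsupported or unknown term: " + term)
    return terms

def check_spf(client_ip, mail_from_domain):
    """Evaluate the connecting IP against the envelope sender's policy."""
    record = SPF_RECORDS.get(mail_from_domain, "")
    if record.split()[:1] != ["v=spf1"]:
        return "none"
    try:
        terms = parse(record)  # whole record is validated before any matching
    except ValueError:
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for result, net in terms:
        if net is None or (ip.version == net.version and ip in net):
            return result
    return "neutral"

def receiver_action(result, rejects_on_spf):
    # An SMTP-time rejection makes the sending side produce a failure report;
    # quarantining after acceptance tells the sender nothing.
    if result in ("fail", "permerror"):
        return "reject" if rejects_on_spf else "quarantine"
    return "accept"
```

Here check_spf("192.0.2.25", "sender.example") is direct delivery, while 203.0.113.9 stands for a forwarder relaying the same envelope sender; the receiver sees only the connecting IP, so it cannot tell that case from a forgery.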