On 14 Dec 2017, at 14:01 (-0500), Jim Popovitch wrote:
> Aside from a few HUGE providers, those with very large and disparate networks/offices/topology....
SPF isn't related to the complexity of a network, but control of users using a domain name, which is a very different thing.
> -all means that the domain operator knows what they are doing,
No, it means they know what their users do. Or that they THINK they do.
> knows what their network consists of and how email is routed within their network. It further states that the -all publisher has committed to staying abreast of what happens in their environment in order to assure their IP space is properly routing email. It instills confidence.
There continue to be sites that do traditional ~/.forward-style transparent SMTP forwarding, which preserves the envelope sender as received. There continue to be websites which give users the ability to send content to others which use the address of the user initiating the action as the envelope sender, so that bounces go to the person who might care.
Last I checked, it was frowned upon for sysadmins to execute users who obliviously violate a SPF '-all' policy by mailing a 'wrong' person or using a 'wrong' 3rd-party system.
> ~all is just plain lazy, and is akin to saying that you don't have confidence in your ability to own and control your own network;
You keep using that word. I do not think it means what you think it means.
If you consider users to be a subordinate part of a "network" then no "network" is controllable or should be.
> and you want others to spend some level of time/money (in the form of CPU cycles) analyzing email emitted from your network to determine its suitability for deliverability.
There you go saying "your network" again, yet fundamentally '~all' says 'my users might cause mail using my domain name to come from networks OTHER THAN mine.' Which is true of almost any significant set of users. Mail actually from the domain owner's network properly will be authenticated by what comes BEFORE the '~all' default.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole