On 26/Jan/12 01:28, Scott Kitterman wrote:
> On Wednesday, January 25, 2012 04:08:35 PM Murray S. Kucherawy wrote:
>>
>>>> How does the domain owner receive reports of others trying to use the
>>>> domain to send mail? If the domain owner has said via the SPF record
>>>> that the domain doesn't send mail, I would be highly surprised if the
>>>> domain owner has configured anything to accept mail at that domain.
>>>
>>> If he wants to get the reports, he'd better.
>>
>> Do we need to call out this (somewhat obvious) situation in the draft?
>
> I hope we don't need to say that if you ask for reports you aren't going to
> get them unless you configure your system to accept them.

Derek's concern seems legitimate to me. Although John's note may seem
obvious, let me recall that SPF is rather weak at checking helo names
because of a very similar reason. We are demanding too much diligence
from domain admins, for a task they can achieve more easily by tracing
an included exists mechanism.

On the other hand, dkim-reporting has an rd= tag that makes such
flexibility possible. What is the use case where rd= is different than
d=? Why cannot we have the following for spf-reporting?

   www.example.com           TXT "v=spf1 redirect=nomail._spf.example.com"
   nomail._spf.example.com   TXT "v=spf1 -all rd=example.org"
   _report._spf.example.org  TXT "ra=spf-failures"

(The fixed prefix "_report._spf" and the missing v= are not very
SPFish, but may look simpler and consistent with dkim-reporting.)
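
Added example, not part of the original message or of any draft: a Python sketch of how a receiver could resolve the three proposed records to a report address. The zone dict is constructed from those records; the function names, the redirect handling, the lookup order and the final ra@rd address form are assumptions.

```python
import re

# Constructed zone: the three TXT records proposed in the message.
ZONE = {
    "www.example.com": "v=spf1 redirect=nomail._spf.example.com",
    "nomail._spf.example.com": "v=spf1 -all rd=example.org",
    "_report._spf.example.org": "ra=spf-failures",
}
MAX_REDIRECTS = 10  # assumption: cap the chain like SPF's DNS lookup limit
MODIFIER = re.compile(r"^([A-Za-z][A-Za-z0-9._-]*)=(.*)$")


def parse_terms(record):
    """Split a record into mechanisms and a dict of name=value modifiers."""
    mechanisms, modifiers = [], {}
    for term in record.split():
        m = MODIFIER.match(term)
        if m is None:
            mechanisms.append(term)
        elif m.group(1).lower() != "v":  # skip the v=spf1 version tag
            modifiers[m.group(1).lower()] = m.group(2)
    return mechanisms, modifiers


def report_address(domain, zone=ZONE):
    """Return the failure-report address for `domain`, or None."""
    for _ in range(MAX_REDIRECTS):
        record = zone.get(domain)
        if record is None:
            return None  # no policy published
        mechanisms, modifiers = parse_terms(record)
        # Simplification: follow redirect= only when the record has no
        # mechanisms at all, as in the www.example.com record.
        if mechanisms or "redirect" not in modifiers:
            break
        domain = modifiers["redirect"]
    else:
        return None  # redirect loop or chain too long
    rd = modifiers.get("rd")
    if rd is None:
        return None  # policy names no report domain
    # Assumed lookup: fixed prefix "_report._spf" under the rd= domain.
    _, report_mods = parse_terms(zone.get("_report._spf." + rd, ""))
    ra = report_mods.get("ra")
    # Without ra= at the report domain there is nowhere to send reports.
    return f"{ra}@{rd}" if ra else None
```

With these records, the host that sends no mail publishes only the redirect, and the reports go to a domain that is set up to accept them.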
