On Dec 2, 2009, at 9:52 PM, Valdis.Kletnieks@vt.edu wrote:
It only stops forgery if the SPF record has a -all in it (as hubris.net does). However, a lot of domains (mine included) have a ~all instead.
I guess I've never really seen the point of publishing a SPF record if it ends in ~all. What are people supposed to do with that info? Spamassassin assigns it a score of 0.6 but that is low enough it really doesn't have much since it doesn't assign any negative points for SPF_PASS.
(And before anybody asks, yes ~all is what we want, and no you can't ask us to try -all instead, unless we're allowed to send you all the helpdesk calls about misconfigured migratory laptops".. ;)
I certainly understand that you may not be able to lock down your domain. We don't even try for customers for instance. However, if you can't, I guess I don't really see what good publishing a SPF record is if you tell people not to enforce it. Chris ------------------------------------------------------------------------- Chris Owen - Garden City (620) 275-1900 - Lottery (noun): President - Wichita (316) 858-3000 - A stupidity tax Hubris Communications Inc www.hubris.net -------------------------------------------------------------------------