David Woodhouse wrote:
> Therefore no domain should ever advertise 'fail' in its SPF record.
>
> Therefore no domain should ever _obey_ a 'fail' SPF result.
Excuse me for being so stubborn, but if you support their insanity,
they'll never remove that nasty "fail". They want it, they got it. If
their mail gets stuck there's a chance they'll learn.
> Therefore it is irresponsible to give naïve users a simple cut'n'paste
> example of how to obey a 'fail' SPF result.
My example is 100% in line with the SPF draft:
Fail (-): the message does not meet a domain's definition of
legitimacy. MTAs MAY reject the message using a permanent
failure reply code. (Code 550 is RECOMMENDED. See RFC2821
section 7.1.)
And the very first paragraph of my SPF docs is:
To learn more about SPF, visit
http://spf.pobox.com. This
document does not explain the SPF fundamentals, you should
read and understand the implications of deploying SPF on your
system before doing so.
I can't get any more clear :)
/tom
