On June 7, 2014 5:35:20 PM EDT, "J. Gomez" <[email protected]> wrote: >On Saturday, June 07, 2014 10:58 PM [GMT+1=CET], Stephen J. Turnbull >wrote: > >> Are there really sites out there >> that reject on the basis of SPF -ALL without waiting for DATA? I for >> one could not use such a host. > >Yes, there are. > >Rejecting on the basis of SPF -ALL without waiting for DATA is cheap in >resources, obeys the published policy of the sending domain owner, and >affords the Recipient the benefit of off-loading the blame for the >rejection onto the Sender. > >Also, rejecting on the basis of SPF -ALL does not inconvenience at all >mailing list traffic, as mailing list traffic usually takes ownership >of the Return Path (envelope MAIL FROM), so if the mailing list host >has an SPF record, its traffic will pass an SPF check without waiting >for DATA.
I maintain a reasonably popular Postfix plugin for SPF checking that defaults to rejecting mail with an SPF fail result. I think I've been doing it since 2007 and I don't recall ever having a complaint about this default (plenty of complaints and requests about other things). I've published a -all SPF record since 2004. I do occasionally have mail rejected due to forwarding. In my experience it's mostly smaller domains that reject on -all. Personally, I prefer rejection over spam scoring. When it's rejected due to forwarding, the reject message always has the address I should send to directly in it. If mail gets spamfoldered and the recipient never sees it, I never find out. No, it's not what the big guys do, but it's definitely done. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
