Jim Ramsay <[EMAIL PROTECTED]> writes:
pass - The client mailserver matches the published SPF record for the email address domain. You can be reasonably sure that the address is not forged. In my case, I'm going to let this through unchallenged.
fail - The client mailserver did NOT match the published SPF record for the domain, so we know the address is forged. (Some SMTP servers will drop these and not tag them). In my case I'll drop it, maybe even at the SMTP level. I'll probably wait and see how this works, though.
unknown - There was no SPF record for the email domain, so no check was made.
error - Something went wrong.
It also says that when an SPF query returns "fail", the MTA should
reject the connection, so it isn't likely that you'll see this in Received-SPF.
Actually, according to the RFC-in-development (at http://spf.pobox.com/rfcs.html):
Fail: the message does not meet a domain's definition of legitimacy. MTAs MAY reject the message using a permanent failure reply code. (Code 550 is RECOMMENDED. See RFC2821 [11] section 7.1)
MAY is not MUST - so this may come through sometimes, depending on the SMTP implementation, in which case I think TMDA SHOULD drop it.
-- Jim Ramsay
_________________________________________________ tmda-workers mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-workers
