On 11/05/2024 03:40, Bill Cole wrote:
>> So what? domain owners state hard fail it SHOULD be hard failed,
>> irrespective of if YOU think you know better than THEM or not, if we
>> hardfail we accept the risks that come with it.
>
> In practice, there is a prioritizing of whose wishes I prioritize on
> the receiving systems I work with. If my customer wants to receive the
> mail and the individual generating the mail is not generating that
> desire fraudulently, I don't care much about what the domain owner
> says.

I hope you have an indemnity clause in your contracts (or written
statement from them) to legally protect you, and your professional
indemnity insurance (or your country's version of it) is current...

> I do not work for the domain owners of the world and I am not obligated
> to enforce their usage rules on their users.

Obligated no, it's your network, your rules, but honouring them is the
correct "good netizen" thing to do.
I'm sure the crime gangs and spammers reading this list greatly
appreciate you telling them they got better chances with you than most
:P

> Obviously I take their input seriously when trying to detect fraud but
> I've seen too many cases of "-all" being used with incomplete or
> obsolete lists of "permitted" hosts to accept that they know all of the
> places their mail gets generated.

The idea of using -all is not just configuring it and forgetting it,
it's part of the accepted risk that if you change something, you change
your SPF statements too, if they forget, the complaints of blocked mail
should prompt them to fix it, or if they are just flat out too damn
lazy, then they get what they deserve.
Adherence has improved out of sight in the past 5 to 10 years, and I've seen
no problems caused by SPF, I can't remember the last time we had one.

> I've also given up all hope of getting the few places that are still
> doing transparent forwarding to adopt SRS or any other mechanisms to
> avoid SPF breakage to ever change.

I guess the traffic with them is low, if it was high, blocking would
likely get them off their butts.

--
Regards,
Noel Butler