[Mimedefang] md_check_against_smtp_server and md_graphdefang_log

David F. Skoll dfs at roaringpenguin.com
Tue Mar 26 22:02:28 EDT 2013

On Tue, 26 Mar 2013 15:42:42 -0700 (PDT)
kd6lvw at yahoo.com wrote:

> > SPF is completely useless in the following sense: Rejecting mail
> > because of SPF "fail" will absolutely cause valid mail to be
> > rejected.  You (and I) may say "Tough luck for domains that publish
> > broken SPF records", but for some reason our customers don't see it
> > that way.

> Broken SPF records do not generate a "fail" response.

You misunderstand.  I mean that an SPF record is "broken" if it
specifies "fail" for a valid sending host.

> I do say "tough luck" for otherwise valid mail rejected by an SPF
> fail.

You do not have to explain yourself to tens of thousands of customers,
correct?  In our anti-spam software and service, we recently
implemented a policy decision that ignores sender and domain
whitelists on SPF "fail" or "softfail".  We've had endless complaints
about this!  We're not even blocking such mail; we're just *not*
allowing it to be whitelisted, and still people complained.  (So we made
it possible to turn off the policy.)


> I pay for my own mail by use of the bandwidth I pay for, and I have
> users other than just me in my domains.

Do they pay you to provide service?  In principle, I agree with your
approach, but it's doomed to failure in the real world.  The real
world is a mess and sticking to strict, pristine principles of email
delivery quickly means you'll have no paying customers.
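
The policy described in the message above (sender and domain whitelists ignored on SPF "fail" or "softfail", without blocking the mail, and with a switch to turn the policy off), sketched as an added example that is not part of the original message and not Roaring Penguin's code. All names, the score threshold and the sample addresses are assumptions made for illustration.

```python
# Added illustration: every name and value here is hypothetical.
from dataclasses import dataclass, field

# SPF results that mean the sending host is not authorised for the domain.
SPF_DISTRUST = {"fail", "softfail"}


@dataclass
class Policy:
    sender_whitelist: set = field(default_factory=set)   # full addresses
    domain_whitelist: set = field(default_factory=set)   # bare domains
    ignore_whitelist_on_spf_fail: bool = True             # the switchable policy
    spam_threshold: float = 5.0                           # constructed value


def is_whitelisted(policy, sender):
    """Match the envelope sender against address and domain whitelists."""
    sender = sender.strip().strip("<>").lower()
    domain = sender.rpartition("@")[2]
    senders = {s.lower() for s in policy.sender_whitelist}
    domains = {d.lower() for d in policy.domain_whitelist}
    return sender in senders or (domain != "" and domain in domains)


def decide(policy, sender, spf_result, spam_score):
    """Return 'accept-whitelisted', 'accept' or 'quarantine'.

    SPF fail/softfail never blocks by itself. It only withdraws the
    whitelist shortcut, because the whitelist is keyed on a sender
    address that SPF reports as possibly forged. The message is then
    scored like any other mail.
    """
    whitelisted = is_whitelisted(policy, sender)
    if (whitelisted
            and policy.ignore_whitelist_on_spf_fail
            and spf_result.strip().lower() in SPF_DISTRUST):
        whitelisted = False
    if whitelisted:
        return "accept-whitelisted"
    return "quarantine" if spam_score >= policy.spam_threshold else "accept"
```
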



