I have read the help files and text in re the wcsap.ini settings, but
looking at best and most widely practiced settings for
Accept-SPF-SoftFail and
Accept-SPF-Neutral and
RecursionLimit
I have them at (false, false, 20) but want max impact on bad senders.
Not 100% sure what the recursion limit is about.
I agree with Hector's reasoning - pass/fail, no maybes, since it's
like saying no in a soft voice when you should be using a 2x4 to
impress someone.
What setting for the above have the greatest impact on spammers?
Although I am concerned with potential falsing or unintentional
blocking, I would rather lose 5 potential customers' inquiry msgs
than lose one solid customer's communciations - the old bird in the hand
or 2 in the bush analogy.
I have read the help files and text in re the wcsap.ini settings, but
looking at best and most widely practiced settings for
Accept-SPF-SoftFail and
Accept-SPF-Neutral and
RecursionLimit
I have them at (false, false, 20) but want max impact on bad senders. Not 100% sure what the recursion limit is about.
From: Dave Gourd
machine orI have read the help files and text in re the wcsap.ini settings, but looking at best and most widely practiced settings for
Accept-SPF-SoftFail and
Accept-SPF-Neutral and
RecursionLimit
I have them at (false, false, 20) but want max impact on bad senders.
Not 100% sure what the recursion limit is about.
I agree with Hector's reasoning - pass/fail, no maybes, since it's
like saying no in a soft voice when you should be using a 2x4 to
impress someone.
What setting for the above have the greatest impact on spammers?
SPF defines a "policy" for a domain to expose which machines he is allowed to send mail from on behalf of the domain name. So if you say gourd.com should only come from your IP machine 1.2.3.4, then you can have an SPF record that defines that rule.
What is that really that HARD of a rule for other sides? if you have an AOL.COM account, is AOL saying you can only send mail using their
are you allowed to send it from lets say a Internet Cafe or some laptop while on vacation?the IP
There is where some sites will use a NEUTRAL or SOFTFAIL policy when
does not machine the list they provide. They are saying,says
"Look, the IP didn't match, but this may not really be a bad thing,
because the user is allowed to use our domain name from other machines.
So we don't know. Your call."
Today, if the policy is NEUTRAL, you are suppose to ignore the result and continue checking for other things.
Buf if it says SOFTFAIL, then its up to you.
The default we have was:
Accept-SPF-SoftFail FALSE ; if false, continue testing Accept-SPF-Neutral False ; if false, continue testing
Many SPF people are changing the first (SOFTFAIL) one to TRUE, which
don't continue, consider it as a failure.it
Again, that is a local policy (your) decision. You might want to discuss this with other SPF sysops in the official SPF mailing lists, SPF-HELP (for administrators) or SPF-DISCUSS (more technical regarding future specifications).
Although I am concerned with potential falsing or unintentional
blocking, I would rather lose 5 potential customers' inquiry msgs
than lose one solid customer's communciations - the old bird in the hand or 2 in the bush analogy.
Well, the safe way is to keep it FALSE, but like I said, many people are using SOFTFAIL policies for rejection. If a domain is exposing a SOFTFAIL handling, then it is probably saying
"Look, we really didn't expect this. The IP should match our domain.
Do what you like with it. We will not vouch for it."
But for a NEUTRAL, it is saying, It is possible they could be a mismatch, don't reject it. I personally do not believe in a NEUTRAL policy, but there are many outsourcing places where you can get an email address and use
from any machine. Spammers exploit the bad side of it, but there is also the defensiveless good side.
Sysop: | Nelgin |
---|---|
Location: | Plano, TX |
Users: | 577 |
Nodes: | 10 (1 / 9) |
Uptime: | 56:36:07 |
Calls: | 9,294 |
Calls today: | 2 |
Files: | 16,016 |
Messages: | 1,046,593 |