Subj : Re: wcsap.ini recommendations To : All From : hector.santos@winserver.com Date : Thu Jan 31 2019 19:18:36 Date: Mon, 01 May 2006 16:20:42 -0400 From: "HECTOR SANTOS" To: DAVE GOURD Subject: Re: wcsap.ini recommendations Newsgroups: win.server.smtp.&.avs Message-ID: <1146515007.46.1146453077@winserver.com> References: <1146453077.46.0@winserver.com> X-WcMsg-Attr: Rcvd X-Mailer: Wildcat! Interactive Net Server v7.0.454.5 Lines: 73 From: Dave Gourd > I have read the help files and text in re the wcsap.ini settings, but > looking at best and most widely practiced settings for > > Accept-SPF-SoftFail and > Accept-SPF-Neutral and > RecursionLimit > > I have them at (false, false, 20) but want max impact on bad senders. > Not 100% sure what the recursion limit is about. > > I agree with Hector's reasoning - pass/fail, no maybes, since it's > like saying no in a soft voice when you should be using a 2x4 to > impress someone. > > What setting for the above have the greatest impact on spammers? SPF defines a "policy" for a domain to expose which machines he is allowed to send mail from on behalf of the domain name. So if you say gourd.com should only come from your IP machine 1.2.3.4, then you can have an SPF record that defines that rule. What is that really that HARD of a rule for other sides? if you have an AOL.COM account, is AOL saying you can only send mail using their machine or are you allowed to send it from lets say a Internet Cafe or some laptop while on vacation? There is where some sites will use a NEUTRAL or SOFTFAIL policy when the IP does not machine the list they provide. They are saying, "Look, the IP didn't match, but this may not really be a bad thing, because the user is allowed to use our domain name from other machines. So we don't know. Your call." Today, if the policy is NEUTRAL, you are suppose to ignore the result and continue checking for other things. Buf if it says SOFTFAIL, then its up to you. The default we have was: Accept-SPF-SoftFail FALSE ; if false, continue testing Accept-SPF-Neutral False ; if false, continue testing Many SPF people are changing the first (SOFTFAIL) one to TRUE, which says don't continue, consider it as a failure. Again, that is a local policy (your) decision. You might want to discuss this with other SPF sysops in the official SPF mailing lists, SPF-HELP (for administrators) or SPF-DISCUSS (more technical regarding future specifications). > Although I am concerned with potential falsing or unintentional > blocking, I would rather lose 5 potential customers' inquiry msgs > than lose one solid customer's communciations - the old bird in the hand > or 2 in the bush analogy. Well, the safe way is to keep it FALSE, but like I said, many people are using SOFTFAIL policies for rejection. If a domain is exposing a SOFTFAIL handling, then it is probably saying "Look, we really didn't expect this. The IP should match our domain. Do what you like with it. We will not vouch for it." But for a NEUTRAL, it is saying, It is possible they could be a mismatch, don't reject it. I personally do not believe in a NEUTRAL policy, but there are many outsourcing places where you can get an email address and use it from any machine. Spammers exploit the bad side of it, but there is also the defensiveless good side. --- Platinum Xpress/Win/WINServer v3.1 * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013) .