SPF_Fail score too low?

[Kevin Miller]

Matt Kettler wrote:
 
> I myself would recomend using hardfail, but I'd test things out
> starting at neutral and work your way up after you've proven out that
> it really works. 

You and res both bring up some interesting points.  I hardfail, but my
system is pretty humble - I an count on one hand every machine that
should be allowed to send mail from my domain.  The big guys have a lot
more 'I's to dot and 't's to cross.

One advantage of using a milter, as res recommends, is legitimate users
of misconfigured hard-fail servers get a response back.  Since bouncing
spam is bad, if a message fails on SA scores, the administrator of the
sending server never hears about it, even if it's a false positive.  

I ran softfail for some time initially, but since the failure happens on
the far end (someone else's server) I've never understood what folks are
monitoring with softfail.  None of the feedback concerning my domain
came back to me.  I've got logs full of info about someone else's
domain.

Maybe I'm just one of the 90% you mentioned, but what do you use to test
softfail?

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500