Some comments on the default behavior for SPF.

2024-11-09 04:00:00 +01:00 · 2024-11-09 04:00:00 +01:00 · d876531d23
parent bfa249585c
commit d876531d23
1 changed files with 28 additions and 12 deletions
--- a/src/App/Text/Explanations.purs
+++ b/src/App/Text/Explanations.purs
@ -125,7 +125,7 @@ basics = HH.div_
          You will have to configure your mail server to sign the emails you send.
          This involves creating a pair of keys (public and private).
          Your mail server will sign the mails with the private key,
-          and other mail servers will verify the signature with the public key.
+          and recipient mail servers will verify the signature with the public key.
          So, you need to publish the public key in a DKIM record.
          """
        ]
@ -430,17 +430,33 @@ spf_introduction =
  ]

 spf_default_behavior :: forall w i. Array (HH.HTML w i)
-spf_default_behavior = [Bulma.p """
-  What should someone do when receiving a mail with your email address but not from a listed domain or IP address?
-  """
-  , HH.text """
-  By default, let's opt for dropping the mail (a
-  """
-  , HH.u_ [HH.text "hard fail"]
-  , HH.text """).
-  The only way for DKIM to be really meaningful is to block any mail not coming from the intended email servers.
-  Otherwise, it's just a statu quo, and the spamming will continue.
-  """]
+spf_default_behavior = [
+    Bulma.p """
+    What should someone do when receiving a mail from your email address but not from a listed domain or IP address?
+    """
+  , HH.p_ [ HH.text """
+            By default, the mail is dropped (a
+            """
+          , HH.u_ [HH.text "hard fail"]
+          , HH.text """).
+            This is the most direct behavior: dropping any mail not coming from the intended email servers.
+            """
+          ]
+  , HH.p_ [ HH.text """
+            Another option would be a
+            """
+          , HH.u_ [HH.text "soft fail"]
+          , HH.text """, which would advise recipient mail servers to tag the mails as spam.
+            In this case, a misconfigured email server wouldn't prevent mails to be received.
+            Use this option in case you are not confident enough in your setup.
+            """
+          ]
+  , HH.p_ [ HH.text """
+            Other options ("pass" and "neutral") are frankly borderline useless.
+            Do not use them unless you know exactly why.
+            """
+          ]
+  ]

 srv_introduction :: forall w i. Array (HH.HTML w i)
 srv_introduction =