From d876531d2335cae28996bf7eb7cc9d620b43f252 Mon Sep 17 00:00:00 2001
From: Philippe Pittoli <karchnu@karchnu.fr>
Date: Sat, 9 Nov 2024 04:00:00 +0100
Subject: [PATCH] Some comments on the default behavior for SPF.

---
 src/App/Text/Explanations.purs | 40 ++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 12 deletions(-)

diff --git a/src/App/Text/Explanations.purs b/src/App/Text/Explanations.purs
index 4fa53e2..c988e58 100644
--- a/src/App/Text/Explanations.purs
+++ b/src/App/Text/Explanations.purs
@@ -125,7 +125,7 @@ basics = HH.div_
           You will have to configure your mail server to sign the emails you send.
           This involves creating a pair of keys (public and private).
           Your mail server will sign the mails with the private key,
-          and other mail servers will verify the signature with the public key.
+          and recipient mail servers will verify the signature with the public key.
           So, you need to publish the public key in a DKIM record.
           """
         ]
@@ -430,17 +430,33 @@ spf_introduction =
   ]
 
 spf_default_behavior :: forall w i. Array (HH.HTML w i)
-spf_default_behavior = [Bulma.p """
-  What should someone do when receiving a mail with your email address but not from a listed domain or IP address?
-  """
-  , HH.text """
-  By default, let's opt for dropping the mail (a
-  """
-  , HH.u_ [HH.text "hard fail"]
-  , HH.text """).
-  The only way for DKIM to be really meaningful is to block any mail not coming from the intended email servers.
-  Otherwise, it's just a statu quo, and the spamming will continue.
-  """]
+spf_default_behavior = [
+    Bulma.p """
+    What should someone do when receiving a mail from your email address but not from a listed domain or IP address?
+    """
+  , HH.p_ [ HH.text """
+            By default, the mail is dropped (a
+            """
+          , HH.u_ [HH.text "hard fail"]
+          , HH.text """).
+            This is the most direct behavior: dropping any mail not coming from the intended email servers.
+            """
+          ]
+  , HH.p_ [ HH.text """
+            Another option would be a
+            """
+          , HH.u_ [HH.text "soft fail"]
+          , HH.text """, which would advise recipient mail servers to tag the mails as spam.
+            In this case, a misconfigured email server wouldn't prevent mails to be received.
+            Use this option in case you are not confident enough in your setup.
+            """
+          ]
+  , HH.p_ [ HH.text """
+            Other options ("pass" and "neutral") are frankly borderline useless.
+            Do not use them unless you know exactly why.
+            """
+          ]
+  ]
 
 srv_introduction :: forall w i. Array (HH.HTML w i)
 srv_introduction =