Meng Weng Wong wrote:
yes, "exp" directives in included SPF records should be ignored.
I don't think that this is a good idea.
Suppose a company has the policy: All our customers may send mail from
<our domain> except the dial-in users, ADSL users and a known spammer.
It could have following policy:
xyz.com TXT "v=spf1 include:inc.xyz.com -all"
inc.xyz.com TXT ("v=spf1 "
"exp=exp.dul.xyz.com -a:dul.xyz.com/24 "
"exp=exp.dsl.xyz.com -a:dsl.xyz.com/24 "
"exp= -a:spammer.xyz.com "
exp.dul.xyz.com TXT "Mail from dial-in users is rejected"
exp.dsl.xyz.com TXT "Mail from ADSL users is rejected"
Therefore I suggest following rules for modifiers:
Modifiers are variables local to the currently processed SPF record (they
are forgotten at the end of the SPF record).
At the beginning of the SPF record, the modifiers are initialized with
default values (empty strings for 'exp=' and 'redirect=').
If the same modifier is encountered again, the specified new value replaces
the old value.
If the specified modifier is empty, the default value is restored.