On Sat, 16 Jul 2005, Douglas Otis wrote:
[existing result set]
This is clearly specific to SPF/Sender-ID. Perhaps something more
specific, such as:
Yes, I agree. It was just a place to start and seemed workable in the
DKIM context.
result = "authen" / "authen-author" / "author" / "not-author" /
"non-compliant" / "unknown" /"temperror" / "permerror"
; results of an attempt to validate an identity
Without a new assertion added where the MTA assures exclusive use of a
domain, path registration validation should return "author[ized]" rather
than "authen[ticated]" as currently implied by "pass" according to this
draft. This greater specificity would also allow greater utility with
other mechanisms, such as DKIM or CSV.
While I'm not necessarily adverse to such a change, I would also suggest
that elsewhere in the header, the method whose result is being relayed is
identified. A "fail" for DKIM (authentication) would be thus
disambiguated from a "fail" for SPF (authorization), for example. The
cross-product of the method and the result can reveal the specificity
you'd like.