On Wed, Sep 08, 2004 at 08:45:49PM -0400,
mazieres(_at_)gmail(_dot_)com <mazieres(_at_)gmail(_dot_)com> wrote
a message of 43 lines which said:
First, it would need to be clear how multiple checks should interact
when receiving sites perform multiple checks.
Please read http://spf.pobox.com/unified/2-best.txt for a start.
In particular, it must be the case that a site checking both
mailfrom and pra should always reject mail when mailfrom fails (even
if pra passes). This might be as simple as saying if any test
fails, the message is considered to have failed.
I'm not sure this should be mandated. We should standardize protocols,
not policies. It is important that pass(SPF_record,identity) always
return the same value, whoever the tester is, but not so important to
decide what to do when it fails or succeeds.
This would require a new macro for the mailfrom domain (%{m}?), and
would also benefit greatly from some kind of string comparison
mechanism--maybe eq:string1:string2. You'd want to be able to say
something like:
Nice but it would mean a non-trivial change to SPF implementations
(which, at the present time, are almost ready to implement -protocol).