On Sat, Oct 18, 2003 at 08:47:14AM -0700, Mark Lentczner wrote:
|
| Macro interpolation - There should be a statement that "Domain
| administrators SHOULD not use a "%" sign followed by unrecognized macro
| character." This will make sure future versions can add new macro
| characters without breaking some sys admin's cutesy message like "No
| way, Jose.. ..::%bzzzzp!%::.." which would break when version two
| introduces the %b macro for something. While the versioning mechanism
| could avoid this (the SPF version in the record would indicate which
| macros could be expanded, and which have to be left as is... yuch!),
| there is no reason to make the software that complicated.
|
OK, here's the new text.
------------------------------------------------------------------------
2.3.3 Explanation
------------------------------------------------------------------------
Provides a space for the publishing domain to communicate further
information about its policy: for instance, a short message, or a
URL pointing to a longer message. SPF clients SHOULD convey this
message to the SMTP client when rejecting; if they cannot pass the
whole thing, they SHOULD convey at least the first 128 bytes of the
expanded explanation.

The explanation SHOULD be macro-interpolated according to the
following convention:

    %% = a literal "%"
    %u = local-part of current-address
    %s = current-address
    %d = current-domain
    %t = current timestamp in YYYYMMDD-HHMMSS[+TZ] notation
    %h = HELO/EHLO string provided
    %i = SMTP client IP

The uppercase versions of those macros are to be URL-encoded.

A % sign not followed by a recognized macro character MUST be
interpreted as a literal. SPF publishers SHOULD NOT rely on this
feature; they MUST escape % literals. For example,

    "exp=Your message looks like 20% spam"

is invalid syntax. Instead, say

    "exp=Your message looks like 20%% spam"

The explanation string is OPTIONAL. If it is omitted, SPF clients
may use their discretion in constructing an appropriate string.

2.3.3.1 Simple Example

    "v=spf1 default=! exp=Sender domain does not originate mail."

2.3.3.2 Example with macro interpolation

    "v=spf1 default=! exp=%d does not originate mail"

If the <current-domain> were example.com, the <explanation> would
expand to "example.com does not originate mail".

2.3.3.2 Example with URL-encoded macro interpolation

    "v=spf1 default=! exp=See http://%d/badmail?s=%S&i=%I&h=%H"

If the <current-address> were foo+bar@example.com
the explanation would be expanded by the SPF client into

    "See http://example.com/badmail?s=foo%2Bbar%40example.com
    &i=192.0.2.1&h=fake.example.com"

See RFC1738 regarding URL encoding.

2.3.3.3 Example with timestamp interpolation

    "v=spf1 default=! exp=Message rejected at %t"

If the current time were noon on 3rd Feb 2001 EST(-5), the
<explanation> would expand to

    "Message rejected at 20010203-120000-5"

The TZ timezone field syntax is

    ( ( '+' / '-' ) DIGIT DIGIT [ ':' DIGIT DIGIT ] )

representing an offset from UTC. See ISO8601.

If an uppercase "%T" were used, the + would be encoded as "%2B".
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
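
An added example, not part of the original message or of any SPF implementation: a minimal Python expander for the macro convention in the draft text above, including the literal-"%" fallback, the URL-encoded uppercase forms and the 128-byte cut. The function names, the `ctx` dictionary and `SAMPLE` are assumptions for illustration; the sample values are the ones the draft's examples use.

```python
from urllib.parse import quote

MACROS = frozenset("usdthi")  # macro letters defined in the draft text


def expand_explanation(exp, ctx):
    """Expand %-macros in an SPF explanation string.

    ctx maps each lowercase macro letter to its value for this SMTP session.
    """
    out, i = [], 0
    while i < len(exp):
        ch = exp[i]
        nxt = exp[i + 1:i + 2]  # empty string at end of input
        if ch != "%":
            out.append(ch)
            i += 1
        elif nxt == "%":
            out.append("%")  # %% is an escaped literal
            i += 2
        elif nxt.lower() in MACROS:
            value = ctx[nxt.lower()]
            # Uppercase form: percent-encode all but unreserved characters,
            # so client-supplied values cannot add URL delimiters.
            out.append(quote(value, safe="") if nxt.isupper() else value)
            i += 2
        else:
            out.append("%")  # unrecognized macro character: literal "%"
            i += 1
    return "".join(out)


def first_bytes(text, limit=128):
    """Cut the expanded text to `limit` bytes without splitting a character."""
    return text.encode("utf-8")[:limit].decode("utf-8", "ignore")


# Constructed session values, matching the examples in the draft text.
SAMPLE = {
    "u": "foo+bar", "s": "foo+bar@example.com", "d": "example.com",
    "t": "20010203-120000-5", "h": "fake.example.com", "i": "192.0.2.1",
}

if __name__ == "__main__":
    for exp in ("See http://%d/badmail?s=%S&i=%I&h=%H",
                "Your message looks like 20%% spam",
                "No way, Jose.. ..::%bzzzzp!%::.."):
        print(first_bytes(expand_explanation(exp, SAMPLE)))
```

The third string is the one from the quoted message: under this draft it passes through unchanged, and would change only if a later version defined `%b`.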