spf-discuss

Re: TXT Records

2003-11-23 06:20:40
On Saturday 22 November 2003 4:18 pm, Philip Gladstone wrote:
> I'm doubtful that changing the ESMTP protocol will fly -- there are
> still lots of people using SMTP and it isn't clear how quickly the
> firewall vendors will change to incorporate the new command. On the
> other hand, it does have simplicity and cleanness on its side.

Notice that the format of the XSPF query allows the ESMTP server to respond to 
queries about any domain:

'XSPF' <SP> (SENDER-HOSTNAME|SENDER_IP) <SP> DOMAIN <SP> LOCALPART

For servers that do not wish to be used as a 'public oracle' giving opinions 
about third party domains, a 'try elsewhere' response should be given for 
domains it is not an MX for:

551 User not local; please try <other-domain-mx>

However there is nothing to prevent your ISP's SMTP server from providing you 
with a response for any domain you ask about, by calling out to the correct 
server (as it would do for incoming mail anyway). It may even be faster since 
your ISP's XSPF response cache will then be available to you.

When responding as a proxy in this way, an ESMTP server should return a 251 
success code instead of 250:

251 <SP> ('ALLOW'|'DENY') <SP> 'FOR' <SP> TTL-VALUE <SP> 'SECONDS' [<SP> 'FOR ALL']

This mechanism need not be restricted to ISPs. It could be used to provide 
arbitrary opinions concerning non-XSPF domains in the manner of the 'fallback 
domain' that has already been discussed for DNS-based SPF. A server that is 
constructing its own 'best guess' rather than forwarding an authoritative 
response should respond with code 252 to distinguish it.

There are other interesting possibilities which could be explored:
1. Returning a percentage 'degree of trust' rather than boolean allow|deny.
2. Query for other known fallback oracles, with a trust weighting for each.

This would enable receiving MTAs to build distributed trust networks that 
share their opinions about permitted senders for non-participating domains, 
yet the protocol would remain trivially simple.

- Dan
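The following is an added illustration of the server side of the XSPF exchange sketched in this post; it is not code from the post, from the SPF project, or from any MTA. It assumes constructed sample policies and MX names (example.org, example.net, mx.example.net), takes the optional 'FOR ALL' suffix to mean that the verdict holds for every local-part of the domain, and uses a 501 reply for malformed queries, a 300-second TTL for best guesses and a deliberately naive best-guess heuristic, all of which are choices made here rather than anything the post specifies. The parser validates the sender field as either an IP literal or a syntactically plausible hostname before the server acts on it, so that a server operating in proxy mode never forwards arbitrary input to another host.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample data for this illustration (assumed, not real policies).
# Domains this server is an MX for, with the sender networks/hosts each permits.
LOCAL_POLICIES = {
    "example.org": {"nets": ["192.0.2.0/24"], "hosts": ["mail.example.org"], "ttl": 3600},
}
# What the authoritative XSPF server of a foreign domain would answer if we
# called out to it on the client's behalf (the proxy case, code 251).
REMOTE_ORACLES = {
    "example.net": {"nets": ["198.51.100.0/24"], "hosts": [], "ttl": 600},
}
# MX hosts named in the 551 'try elsewhere' reply (assumed values).
MX_OF = {"example.net": "mx.example.net"}

QUERY_RE = re.compile(r"^XSPF (\S+) (\S+) (\S+)$")
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$"
)


@dataclass
class Query:
    sender: str     # sender hostname or IP literal, lower-cased
    domain: str     # domain whose policy is being asked about
    localpart: str  # local part of the address being checked


def _as_ip(text: str) -> Optional[ipaddress._BaseAddress]:
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def parse_query(line: str) -> Optional[Query]:
    """Parse 'XSPF <sender-host|sender-ip> <domain> <localpart>'; None if malformed."""
    m = QUERY_RE.match(line.strip())
    if not m:
        return None
    sender, domain, localpart = m.groups()
    sender, domain = sender.lower(), domain.lower()
    if not HOSTNAME_RE.match(domain):
        return None
    # The sender must be an IP literal or a well-formed hostname; anything else is
    # rejected here rather than looked up or forwarded to another server.
    if _as_ip(sender) is None and not HOSTNAME_RE.match(sender):
        return None
    return Query(sender, domain, localpart)


def policy_allows(policy: dict, sender: str) -> bool:
    """True if the sender IP falls in a permitted network or the hostname is listed."""
    ip = _as_ip(sender)
    if ip is not None:
        return any(ip in ipaddress.ip_network(net) for net in policy["nets"])
    return sender in policy["hosts"]


def verdict(code: int, allowed: bool, ttl: int, for_all: bool = False) -> str:
    """Format '<code> ALLOW|DENY FOR <ttl> SECONDS [FOR ALL]' as described in the post."""
    line = f"{code} {'ALLOW' if allowed else 'DENY'} FOR {ttl} SECONDS"
    return line + " FOR ALL" if for_all else line


def respond(line: str, proxy: bool = False, guess: bool = False) -> str:
    """Server reply to one XSPF query.

    250: authoritative answer for a domain we are an MX for.
    251: authoritative answer relayed from the domain's own server (proxy mode).
    252: our own best guess for a domain with no XSPF data (fallback mode).
    551: not our domain and we decline to act as a public oracle.
    """
    q = parse_query(line)
    if q is None:
        return "501 Syntax error in parameters or arguments"
    if q.domain in LOCAL_POLICIES:
        p = LOCAL_POLICIES[q.domain]
        return verdict(250, policy_allows(p, q.sender), p["ttl"], for_all=True)
    if proxy and q.domain in REMOTE_ORACLES:
        p = REMOTE_ORACLES[q.domain]
        return verdict(251, policy_allows(p, q.sender), p["ttl"], for_all=True)
    if guess:
        # Assumed heuristic: a sender host inside the queried domain is allowed.
        # Short TTL (assumed 300 s) because a guess should not be cached for long.
        allowed = q.sender.endswith("." + q.domain)
        return verdict(252, allowed, 300)
    return f"551 User not local; please try {MX_OF.get(q.domain, '<other-domain-mx>')}"


def transcript(queries: list, proxy: bool = False, guess: bool = False) -> list:
    """Render client/server lines for a list of queries."""
    out = []
    for query in queries:
        out.append("C: " + query)
        out.append("S: " + respond(query, proxy=proxy, guess=guess))
    return out


if __name__ == "__main__":
    sample = [  # constructed queries
        "XSPF 192.0.2.10 example.org alice",
        "XSPF 203.0.113.7 example.org alice",
        "XSPF 198.51.100.5 example.net carol",
        "XSPF smtp.example.com example.com dave",
        "XSPF ;garbage example.org x",
    ]
    print("\n".join(transcript(sample, proxy=True, guess=True)))
```

Running the block with `proxy=True, guess=True` shows one reply of each class: a local 250, a relayed 251, a 252 best guess, and a 501 for the malformed line; running `respond` with both flags off turns the foreign-domain queries into 551 'try elsewhere' replies, which is the non-oracle behaviour the post recommends for servers that do not want to give opinions about third-party domains.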

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.6.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, please go to 
http://v2.listbox.com/member/?listname(_at_)

