Hi all,
I started reading the draft and I have some comments.
Section 1.1:
--
One of the central problems in modern email is the suppression of
spam (unsolicited bulk/commercial email). Spammers often falsify
envelope and header addresses so spam cannot be tracked back to its
source. Worse, spammers commonly masquerade as senders with good
reputations by forging both header and envelope addresses.
--
I don't think that you should specify spam as the main problem that SPF
will solve. The main problem that it will solve is forged email,
especially fraudulent ones. Spam will be harder to send as a
consequence, but SPF will not stop spam altogether, so I don't think
that spam should be the first thing discussed in the
introduction. I'd prefer to see SPF presented as a complete forgery
solution than an incomplete spam solution.
Section 2.2.2:
--
Clients are NOT REQUIRED to attempt lookups against parent domains.
If a domain has no SPF record, clients MUST NOT, on their own
initiative, substitute SPF data from a parent domain.
--
Aren't these two sentences contradicting each other? The first sentence
could be rewritten as "Clients MAY attempt lookups against parent
domains." and that would contradict the second sentence.
Section 3.7, 2nd paragraph:
--
If a SPF client chooses to simply limit recursion depth,
then at least 10 levels of redirects and includes must be supported.
--
the "must" should be a "MUST".
3.8
--
The header SHOULD be prepended before any other Received-SPF headers in
the message.
--
Okay, it might be a dumb question, but when you say "before", are you
relating to the order of the data in the file or relating to the order
of the Received headers? One is the opposite of the other...
Appendix A:
I believe that RFC2373 only defines the IPv6 address structure. IPv4 is
defined by RFC791.
A few questions:
1. Is the SPF record case sensitive? i.e.: Can I write: "V=SPF1 A MX
?ALL"?
2. I don't quite understand the distinction between the redirect and
include keywords. You state that the redirect keyword should be used
between domains that are administered by the same organisation while
the include keyword should be used for independent domains. What's the
problem with using include with domains that are all maintained by the
same organisation? What's the problem with using redirect with
independant domains? I know it's related to the enlevope sender, but I
don't understand SPF enough to see the problem. It would be nice if you
could put an example.
Best,
GFK's
--
Guillaume Filion, ing. jr
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
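
On question 2, an added example that is not part of the original message or of the draft: a minimal evaluator for the ip4, all, include and redirect terms, showing how the two differ when the referenced record ends in "-all". It assumes the semantics later standardized in RFC 7208 (draft 02.9.4 may differ); the zone data and domain names are constructed placeholders.

```python
# Constructed zone data: domain -> SPF record (all names are placeholders).
ZONE = {
    "esp.example": "v=spf1 ip4:198.51.100.7 -all",
    "loose.example": "v=spf1 include:esp.example ?all",
    "alias.example": "v=spf1 redirect=esp.example",
    "broken.example": "v=spf1 include:missing.example -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, depth=0):
    """Evaluate ip4, all, include and redirect (RFC 7208 semantics assumed)."""
    if depth > 10:  # recursion-depth cap, as in the draft text quoted above
        return "permerror"
    record = ZONE.get(domain)
    if record is None:
        return "none"
    redirect = None
    for term in record.split()[1:]:  # skip the version tag
        if term.lower().startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip == arg  # exact address only; CIDR is omitted here
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("temperror", "permerror"):
                return inner
            if inner == "none":
                return "permerror"
            # Only an inner "pass" matches; an inner "-all" decides nothing.
            matched = inner == "pass"
        else:
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    if redirect is not None:
        # redirect hands the whole decision to the target's record.
        result = check_host(ip, redirect, depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"
```

For an address that esp.example does not list, loose.example yields neutral (its own "?all" decides) while alias.example yields fail (the target's "-all" decides).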