spf-discuss

Re: implementation question

2004-01-14 09:13:22
wayne wrote:

Or, is the goal to have it available in a standardized way for easy
parsing?

Bingo.

I think the way I've outlined above is human-readable, easily parseable, and contains useful information. Some examples of Received-SPF headers as they would appear according to my proposed header format:

Received-SPF: pass (h=smtp.example.com e@>??|lç?Ý?È:?  ip=192.168.0.1
 m=a:192.168.0.1 v=spf1 Domain example.com allows sending from
 192.168.0.1)

Received-SPF: pass (h=smtp.forgery.com e(_at_)gÉæ¶E­{ÞB%aÃp½c ip=172.16.0.3
 m=+all v=spf1 Domain forgery.com allows sending from any address)

Received-SPF: fail (h=smtp.example.com e@>??|lç?Ý?È:?  ip=10.10.10.10
 m=-all v=spf1 Domain example.com does not allow sending from
 10.10.10.10)

Received-SPF: unknown (h=smtp.example2.com e(_at_)??xfî?Ó@l¤Ï-
 ip=192.168.0.2 m=?all v=spf1 Domain example2.com lists 192.168.0.2 as
 unknown)

Received-SPF: unknown (h=smtp.nospf.com e@ ò«ûB\¥E¨´Aát¡4 ip=192.168.0.3
 m=none Domain nospf.com does not provide SPF information)

The useful information I thought would be nice is: the HELO hostname, the MAIL FROM envelope, the connecting IP, and the mechanism (if any) which matched, and the version of the SPF record, if it's available. They are defined in a consistent way for easy machine parsing, but a non-ugly way for easy human reading. Plus there is an optional comment on the back for people to read if the implementers are feeling generous. For future expansion, the comment can include other x=something fields.

The only thing I think I'm missing is: What happens if my SPF record is "v=spf1 a mx" and the sender doesn't match my 'a' or 'mx' records? I think the actual result as processed by SPF is as if there is an implicit ?all on the back of every SPF record... but how should this be displayed in the header? Maybe 'm=none v=spf1' is enough to say "They published SPF records but the connecting host did not match any of them", as opposed to just 'm=none' which means "They did not publish SPF records".

--
Jim Ramsay

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
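A parser for the header layout proposed in the message above, added here as an example and not code from the original post or from any SPF implementation. It assumes the envelope field is written `e=<address>` (the archived copy mangles those values, so the sample address is constructed), that leading `key=value` tokens are fields and everything after them is the comment, and it applies the post's tentative reading of `m=none` with and without `v=spf1`.

```python
import ipaddress
import re

RESULTS = {"pass", "fail", "unknown"}          # results used in the post's examples
REQUIRED = {"h", "e", "ip", "m"}               # v= is optional per the post
FIELD = re.compile(r"^([a-z]+)=(\S+)$")
HEADER = re.compile(r"^Received-SPF:\s*(\w+)\s*\((.*)\)\s*$", re.S)

# Constructed sample in the proposed format (address is a placeholder).
SAMPLE = ("Received-SPF: pass (h=smtp.example.com e=user@example.com ip=192.168.0.1\n"
          " m=a:192.168.0.1 v=spf1 Domain example.com allows sending from\n"
          " 192.168.0.1)")


def record_state(fields):
    """The post's suggestion: m=none with v= means 'published, no match'."""
    if fields["m"] != "none":
        return "matched"
    return "published-no-match" if "v" in fields else "no-record"


def parse_received_spf(raw):
    """Parse one (possibly folded) Received-SPF header in the proposed format."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw.strip())   # undo header folding
    match = HEADER.match(unfolded)
    if not match or match.group(1) not in RESULTS:
        raise ValueError("not a Received-SPF header in the proposed format")
    tokens = match.group(2).split()
    fields = {}
    # Leading key=value tokens are fields; the first other token starts the comment.
    while tokens and FIELD.match(tokens[0]):
        key, value = FIELD.match(tokens.pop(0)).groups()
        fields[key] = value
    missing = REQUIRED - fields.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    ipaddress.ip_address(fields["ip"])   # ValueError on a malformed address
    return {"result": match.group(1), "fields": fields,
            "comment": " ".join(tokens), "record": record_state(fields)}


if __name__ == "__main__":
    print(parse_received_spf(SAMPLE))
```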