spf-discuss

what about an SPF modifier for C/R policy?

2004-01-25 15:15:44
Here's my idea.  Have a modifier that would usually be one of "cr=0" or
"cr=1", to establish the domain owner's C/R policy on sending confirmation
requests back to them (their users).  The semantics would be to store the
value in a "cr" variable, and use whatever was last stored whenever a
mechanism validates the sending client.  Then an MX host, to be compliant
with this idea, would _never_ send a C/R confirmation request if the last
stored "cr" value is 0.

I could blanket refuse all confirmations like:

ipal.net.       IN      TXT     "v=spf1 cr=0 ptr:ipal.net -all"

Or I could blanket accept all confirmations like:

ipal.net.       IN      TXT     "v=spf1 cr=1 ptr:ipal.net -all"

I could allow mail to be accepted from anywhere, but only allow confirmations
if it comes from my servers like:

ipal.net.       IN      TXT     "v=spf1 cr=1 ptr:ipal.net cr=0 +all"

Or I could get sophisticated and control the policy on a per-user basis with
something like:

ipal.net.       IN      TXT     "v=spf1 cr=1 exists:%{i}./(_dot_)%{l}(_dot_)(_at_)(_dot_)%{o}(_dot_)spfcr1(_dot_)ipal(_dot_)net cr=0 ptr:ipal.net -all"

Or maybe even:

ipal.net.       IN      TXT     "v=spf1 cr=1 exists:%{i}./(_dot_)%{l}(_dot_)(_at_)(_dot_)%{o}(_dot_)spfcr1(_dot_)ipal(_dot_)net cr=0 exists:%{i}./(_dot_)%{l}(_dot_)(_at_)(_dot_)%{o}(_dot_)spfcr0(_dot_)ipal(_dot_)net -all"

I'm sure there are many other ways, too.

How the MX implementation/deployment passes the "cr" status on to the C/R
programs would, of course, be up to that implementation/deployment.  Those
details would not need to be specified here.

Thoughts?  Flames?  Am I on track of the proper kinds of use for modifiers
or not?

A lot of people are very anti-C/R, and this, combined with only ever sending
C/R when SPF validates, could make C/R potentially acceptable and usable.
At present I don't want to use C/R at all because of that.  But maybe this
could allow it to be usable safely.  Certainly SPF will help a lot just as
it is.  But this would allow domain owners to state their preference.

-- 
-----------------------------------------------------------------------------
| Phil Howard KA9WGN       | http://linuxhomepage.com/      http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/   http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
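
The "last stored cr value" semantics proposed in the message above, as an added example (not code from the post or from any SPF implementation). The `lookup` hook standing in for the DNS work of `ptr:`/`exists:`, the sample addresses, and the handling of a record with no `cr=` at all are assumptions.

```python
import ipaddress
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MODIFIER = re.compile(r"[A-Za-z][A-Za-z0-9_.-]*=")

def evaluate(record, client_ip, lookup):
    """Walk the terms left to right; return (spf_result, cr) at the first
    mechanism that matches client_ip. cr is the value last stored by a
    cr= modifier before that mechanism, or None if none was seen."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return ("none", None)
    cr = None
    for term in terms[1:]:
        if term.startswith("cr="):
            if term[3:] not in ("0", "1"):
                raise ValueError("bad cr value: " + term)
            cr = int(term[3:])          # overwrite: only the last value counts
            continue
        if MODIFIER.match(term):        # other modifiers are ignored here
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term[1:] if term[0] in QUALIFIERS else term
        if mech == "all":
            matched = True
        elif mech.startswith("ip4:"):
            net = ipaddress.ip_network(mech[4:], strict=False)
            matched = ipaddress.ip_address(client_ip) in net
        else:                           # ptr:, exists:, ... need DNS
            matched = lookup(mech, client_ip)
        if matched:
            return (QUALIFIERS[qualifier], cr)
    return ("neutral", cr)

def may_challenge(result, cr):
    """Never challenge when cr is 0, and only when SPF validated the client.
    Allowing a challenge when no cr= was published is an assumption."""
    return result == "pass" and cr != 0

def constructed_lookup(mech, client_ip):
    # Constructed stand-in for DNS: 192.0.2.10 reverse-resolves into ipal.net.
    return mech == "ptr:ipal.net" and client_ip == "192.0.2.10"

OWN_ONLY = "v=spf1 cr=1 ptr:ipal.net cr=0 +all"
print(evaluate(OWN_ONLY, "192.0.2.10", constructed_lookup))
print(evaluate(OWN_ONLY, "198.51.100.7", constructed_lookup))
```

With the third record from the message, both clients get an SPF pass, but only the one matched by `ptr:ipal.net` carries `cr=1`; mail caught by `+all` carries `cr=0`, so a forged sender never triggers a confirmation request.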