Here's my idea. Have a modifier that would usually be one of "cr=0" or
"cr=1", to establish the domain owner's C/R policy on sending confirmation
requests back to them (their users). The semantics would be to store the
value in a "cr" variable, and use whatever was last stored whenever a
mechanism validates the sending client. Then an MX host, to be compliant
with this idea, would _never_ send a C/R confirmation request if the last
stored "cr" value is 0.

I could blanket refuse all confirmations like:

    ipal.net. IN TXT "v=spf1 cr=0 ptr:ipal.net -all"

Or I could blanket accept all confirmations like:

    ipal.net. IN TXT "v=spf1 cr=1 ptr:ipal.net -all"

I could allow mail to be accepted from anywhere, but only allow confirmations
if it comes from my servers like:

    ipal.net. IN TXT "v=spf1 cr=1 ptr:ipal.net cr=0 +all"

Or I could get sophisticated and control the policy on a per-user basis with
something like:

    ipal.net. IN TXT "v=spf1 cr=1 exists:%{i}./.%{l}.@.%{o}.spfcr1.ipal.net cr=0 ptr:ipal.net -all"

Or maybe even:

    ipal.net. IN TXT "v=spf1 cr=1 exists:%{i}./.%{l}.@.%{o}.spfcr1.ipal.net cr=0 exists:%{i}./.%{l}.@.%{o}.spfcr0.ipal.net -all"

I'm sure there are many other ways, too.

How the MX implementation/deployment passes the "cr" status on to the C/R
programs would, of course, be up to that implementation/deployment. Those
details would not need to be specified here.

Thoughts? Flames? Am I on track of the proper kinds of use for modifiers
or not?

A lot of people are very anti-C/R, and this, combined with only ever sending
C/R when SPF validates, could make C/R potentially acceptable and usable.
At present I don't want to use C/R at all because of that. But maybe this
could allow it to be usable safely. Certainly SPF will help a lot just as
it is. But this would allow domain owners to state their preference.
--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
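
The last-stored-value semantics proposed in the message above, as an added example that is not part of the original post or of any SPF implementation. The `matches` callback is a hypothetical stand-in for the DNS lookups of a real SPF check; treating an unset "cr" as no objection and a record with no matching mechanism as neutral are assumptions.

```python
# Toy evaluator for the proposed "cr" modifier (illustration only).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate(record, matches):
    """Walk the terms left to right, remembering the last cr= value.
    matches(mechanism) -> bool is a hypothetical callback replacing DNS.
    Returns (spf_result, cr); cr is None if no cr= preceded the match."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        raise ValueError("not an SPF record")
    cr = None
    for term in terms[1:]:
        if term.startswith("cr="):
            cr = term[3:]              # store; later cr= terms overwrite it
            continue
        if "=" in term:
            continue                   # other modifiers are ignored here
        qualifier = "+"                # SPF default qualifier
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if matches(term):
            return QUALIFIERS[qualifier], cr
    return "neutral", cr               # assumption: no match means neutral

def may_send_confirmation(record, matches):
    """Receiver-side gate: only on SPF pass, and never when cr is 0."""
    result, cr = evaluate(record, matches)
    return result == "pass" and cr != "0"

# Records taken from the message; the two senders are constructed samples.
REFUSE = "v=spf1 cr=0 ptr:ipal.net -all"
ACCEPT = "v=spf1 cr=1 ptr:ipal.net -all"
OWN_ONLY = "v=spf1 cr=1 ptr:ipal.net cr=0 +all"

def own_server(mechanism):             # client whose PTR is under ipal.net
    return mechanism in ("ptr:ipal.net", "all")

def stranger(mechanism):               # client that only "all" matches
    return mechanism == "all"

if __name__ == "__main__":
    for name, rec in (("refuse", REFUSE), ("accept", ACCEPT), ("own", OWN_ONLY)):
        for who in (own_server, stranger):
            print(name, who.__name__, evaluate(rec, who),
                  may_send_confirmation(rec, who))
```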
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt