On Thu, 29 Jan 2004, wayne wrote:
: > My interpretation was the latter meaning (token-based); otherwise there
: > would be no point to allowing extensions. SPF is an ordered-rule based
: > system, so tokens are typically taken as individual entities one at a time.
:
: I guess I come from a compiled language background and am thinking
: ahead to the idea of having an SPF DNS record with syntax checking at
: the zone load time.
:
: If the spec is token based, then you really can't validate past an
: exists:%{ir}._spf.%{d} because you can't know if that pseudo-dnsbl
: will always return true.
SPF-record = version *( 1*SP declaration ) *( 1*SP modifier )
declaration = [ prefix ] mechanism
prefix = "+" / "-" / "~" / "?"
mechanism = 1*ALPHA [ ':' *VCHAR ] *[ '/' *DIGIT ]
modifier = 1*ALPHA '=' *VCHAR
It doesn't matter what the zone returns at record parse time. The syntax is
clear -- whitespace after that token ("exists:%{ir}._spf.%{d}") ends the
mechanism token. Parse complete, even if the SPF client doesn't know what
"exists" means.
This mechanism's macro isn't evaluated, however, until any prior mechanisms
in the record have been exhausted without matching. If the client does not
or cannot implement the "exists" mechanism after evaluating previous
mechanisms, only then would the result be "unknown".
That's the ideal, where there is not a syntax error after the "exists:".
The SPF spec doesn't say (last paragraph of "3 Interpretation" just before
3.1) whether such a syntax error should result in "unknown" up front or at
per-mechanism evaluation time.
Clients that don't implement "exists" cannot check its syntax, but they can
check up to that point, so the token-at-a-time system still works fine.
--
-- Todd Vierling <tv(_at_)duh(_dot_)org> <tv(_at_)pobox(_dot_)com>
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki:
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡