
Re: Summary: Current state of SPF

2004-01-29 15:47:37
In 
<Pine(_dot_)NEB(_dot_)4(_dot_)58(_dot_)0401291451380(_dot_)14011(_at_)server(_dot_)duh(_dot_)org>
 <tv+spf(_at_)duh(_dot_)org> writes:

On Thu, 29 Jan 2004, wayne wrote:
: I guess I come from a compiled language background and am thinking
: ahead to the idea of having an SPF DNS record with syntax checking at
: the zone load time.
:
: If the spec is token based, then you really can't validate past an
: exists:%{ir}._spf.%{d} because you can't know if that pseudo-dnsbl
: will always return true.

[BNF snipped]

> It doesn't matter what the zone returns at record parse time.  The syntax is
> clear -- whitespace after that token ("exists:%{ir}._spf.%{d}") ends the
> mechanism token.  Parse complete, even if the SPF client doesn't know what
> "exists" means.

Note that I said "validate" rather than just "parse".  The BNF spec
for the SPF syntax allows almost all strings that begin with "v=spf1 "



> That's the ideal, where there is not a syntax error after the "exists:".
> The SPF spec doesn't say (last paragraph of "3 Interpretation" just before
> 3.1) whether such a syntax error should result in "unknown" up front or at
> per-mechanism evaluation time.

Ok, but if the SPF implementation decides to use the text from exp=,
it must look at each token clear to the end of the SPF record.  When
it comes across an unrecognized mechanism, processing aborts.

So what possible values can this SPF record return?
        "v=spf1 mx -a gpg ~all exp=msg.%{p}"

If the IP address matches the MX, can an implementation return
pass?

If the IP address isn't the MX, but is the A, can an implementation
return fail?  Does it make a difference whether the implementation
uses the exp= text or not?

Can an implementation return unknown because of the gpg mechanism?
Can it generate a pass because of it?


I think that checking things token by token is just plain confusing.

Again, I think implementations of SPF MUST check for all syntax errors
including unknown mechanisms.  It MAY check for things like missing
records in include:, recursion depth limits, etc.


-wayne
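The two policies the message contrasts (abort only when evaluation reaches the unknown mechanism, versus validating the whole record before evaluating anything) can be shown side by side on the exact record wayne asks about. The following is an added illustration written for this archive page; it is not code from the SPF draft, from either poster, or from any SPF library. It uses constructed DNS data for the hypothetical domain example.com, models only the `mx`, `a` and `all` mechanisms, ignores CIDR suffixes and macro expansion, and treats unknown mechanism names as the only validation error, which is exactly the case under discussion.

```python
"""Toy SPF tokenizer/evaluator contrasting lazy per-mechanism evaluation
with up-front whole-record validation.  Added example: not the SPF spec,
not any real SPF library.  DNS answers below are constructed, not looked up."""
import re

KNOWN_MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed answers for the hypothetical domain example.com.
FAKE_DNS = {
    "mx": {"example.com": ["192.0.2.10"]},
    "a": {"example.com": ["192.0.2.20"]},
}

# The record from the thread: "gpg" is not a mechanism any client knows.
RECORD = "v=spf1 mx -a gpg ~all exp=msg.%{p}"


class SpfSyntaxError(Exception):
    pass


def tokenize(record):
    """Split a record into (kind, qualifier, name, argument) tuples.

    This is parsing only: a term with an unrecognised name such as "gpg"
    is still a well-formed token, which is the distinction the thread draws
    between "parse" and "validate"."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        raise SpfSyntaxError("missing v=spf1 version tag")
    tokens = []
    for term in terms[1:]:
        m = re.fullmatch(r"([+\-~?]?)([A-Za-z][A-Za-z0-9_.-]*)(?:([:=/])(.*))?", term)
        if not m:
            raise SpfSyntaxError(f"malformed term {term!r}")
        qual, name, sep, arg = m.groups()
        kind = "modifier" if sep == "=" else "mechanism"
        tokens.append((kind, qual or "+", name.lower(), arg))
    return tokens


def validate(tokens):
    """Up-front validation over the whole token list: return every
    mechanism name this implementation does not recognise."""
    return [f"unknown mechanism {name!r}"
            for kind, _, name, _ in tokens
            if kind == "mechanism" and name not in KNOWN_MECHANISMS]


def mechanism_matches(name, arg, ip, domain):
    """Match one known mechanism against the constructed DNS data.
    CIDR suffixes and macros are not modelled in this example."""
    target = arg or domain
    if name == "all":
        return True
    if name == "mx":
        return ip in FAKE_DNS["mx"].get(target, [])
    if name == "a":
        return ip in FAKE_DNS["a"].get(target, [])
    raise NotImplementedError(f"{name} is not modelled in this example")


def evaluate(record, ip, domain, strict):
    """Return pass/fail/softfail/neutral/unknown for one IP.

    strict=True  : validate the whole record first; any unknown mechanism
                   yields "unknown" before a single mechanism is tested.
    strict=False : test mechanisms left to right and only abort with
                   "unknown" if evaluation actually reaches the bad one."""
    tokens = tokenize(record)
    if strict and validate(tokens):
        return "unknown"
    for kind, qual, name, arg in tokens:
        if kind != "mechanism":
            continue  # modifiers such as exp= do not affect the verdict here
        if name not in KNOWN_MECHANISMS:
            return "unknown"
        if mechanism_matches(name, arg, ip, domain):
            return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched (the record above never gets here)


def outcomes(record=RECORD, domain="example.com"):
    """Verdict for the three cases wayne raises (IP is the MX, IP is the A,
    IP is neither), under both policies."""
    return {
        (ip, policy): evaluate(record, ip, domain, strict=(policy == "strict"))
        for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30")
        for policy in ("strict", "lazy")
    }


if __name__ == "__main__":
    for (ip, policy), verdict in sorted(outcomes().items()):
        print(f"{ip:12} {policy:7} -> {verdict}")
```

Under the lazy policy the record answers "pass" for the MX address and "fail" for the A address, and only the third address ever reaches "gpg" and returns "unknown"; under the strict policy every address returns "unknown", which is the behaviour wayne argues a MUST-level syntax check would give. Note that `tokenize` already walks to the end of the record, so an implementation that wants the `exp=` text has, as the message says, necessarily seen the unknown mechanism by the time it could use it.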





-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to http://v2.listbox.com/member/?listname(_at_)