spf-discuss

Re: new result values: none, neutral, and softfail

2004-01-29 18:24:02
Does this mean I should change MSQ to return these 7 results? I think that it makes sense to do so, and I will do so unless someone shouts.

Philip

mengwong(_at_)dumbo(_dot_)pobox(_dot_)com wrote:


3 Interpretation

  When an SPF client evaluates a domain's SPF policy, this evaluation
  produces one of seven results:

    None: The domain does not publish SPF data.

    Neutral (?): The SPF client MUST proceed as if a domain did not
    publish SPF data.  This result occurs if the domain explicitly
    specifies a "?" value, or if processing "falls off the end" of
    the SPF record.

    Pass (+): the message meets the publishing domain's definition of
    legitimacy.  MTAs proceed to apply local policy and MAY accept or
    reject the message accordingly.

    Fail (-): the message does not meet a domain's definition of
    legitimacy.  MTAs MAY reject the message using a permanent
    failure reply code.  (Code 550 is RECOMMENDED.  See RFC2821 [11]
    section 7.1)

    Softfail (~): the message does not meet a domain's strict
    definition of legitimacy, but the domain cannot confidently state
    that the message is a forgery.  MTAs SHOULD accept the message
    but MAY subject it to a higher transaction cost, deeper scrutiny,
    or an unfavourable score in a rule-based system.

  There are two error conditions, one temporary and one permanent.

    Error: indicates an error during lookup; an MTA MAY reject the
    message using a transient failure code, such as 450.

    Unknown: indicates incomplete processing: an MTA MUST proceed as
    if a domain did not publish SPF data.

So what used to be "unknown" has now been broken out into
"unknown-as-error" and "neutral-as-explicitly-defined".

You end up with the same behaviour but you can speak more accurately
about the semantics.

And we bring back softfail because I really think AOL should be doing
~all and not ?all.  Of all the ISPs in the world they probably have the
most tightly constrained userbase, and can say with the most confidence
that if it's not coming through an AOL server, it's not really an AOL
user.  Correct me if I'm wrong.




--
Philip Gladstone
* Check out the live pondcam at http://pond.gladstonefamily.net

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
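
An added sketch (not code from this thread, the draft, or MSQ) of how the qualifier prefixes and the "falls off the end" rule in the quoted section yield the seven results, and what each result lets an MTA do. The `lookup` stub, the sample records, the action labels, and returning unknown for any mechanism other than `ip4:` and `all` are assumptions of this example.

```python
import ipaddress

# Qualifier prefix -> result, as listed in the quoted draft section.
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample records (documentation domains and address ranges).
RECORDS = {
    "strict.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "soft.example": "v=spf1 ip4:192.0.2.0/24 ~all",
    "open.example": "v=spf1 ip4:192.0.2.0/24",
    "odd.example": "v=spf1 exists:%{i}.odd.example -all",
}

def lookup(domain):
    """Hypothetical resolver stub: record text, None, or OSError on DNS failure."""
    if domain == "down.example":
        raise OSError("DNS timeout")
    return RECORDS.get(domain)

def evaluate(domain, client_ip):
    """Return one of the seven results; a term with no prefix defaults to '+'."""
    try:
        record = lookup(domain)
    except OSError:
        return "error"                    # temporary: error during lookup
    if record is None:
        return "none"                     # domain publishes no SPF data
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:       # skip the "v=spf1" version tag
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIER else ("+", term)
        if mech == "all":
            return QUALIFIER[qual]
        if not mech.startswith("ip4:"):
            return "unknown"              # incomplete processing (assumption)
        if ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIER[qual]
    return "neutral"                      # fell off the end of the record

def smtp_action(result):
    """What the quoted text permits an MTA to do with each result."""
    if result == "fail":
        return (550, "reject")            # MAY reject; 550 is RECOMMENDED
    if result == "error":
        return (450, "tempfail")          # MAY reject with a transient code
    if result == "softfail":
        return (None, "accept-and-flag")  # SHOULD accept, MAY scrutinise
    if result == "pass":
        return (None, "local-policy")     # apply local policy
    return (None, "as-if-no-spf")         # none, neutral, unknown
```

Only fail and error ever produce an SMTP rejection code here; none, neutral and unknown all collapse to the same handling, which is the "same behaviour, more accurate semantics" point made in the quoted message.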
