On Wed, Feb 04, 2004 at 03:22:37PM -0800, Hallam-Baker, Phillip wrote:
|
| 3) Use a modifier as follows
|
| domainsig=never authentication extension is never used,
| if you understand the extension reject messages carrying it
| domainsig=always authentication extension is always used,
| if you understand the extension reject messages not carrying it
| domainsig=request authentication extension is used on request,
| if you understand the extension and you request it,
| reject messages not carrying it
| domainsig=some authentication extension is sometimes used
|
But isn't that equivalent to the "unknown mechanism" approach? Maybe I
misunderstood you when you brought this up before.
| OK so if you want to use IP authentication and the new scheme you would
| state:
|
| v=spf1 +mx domainsig=always -all
| IE if you understand domainsig AND you support it you would reject
| email that failled either the mx or the domainsig test
I would propose
v=spf1 mx domainsig -all
Clients that don't understand domainsig will abort "unknown"
Clients that do understand it will evaluate it and if it fails honour the
"-all".
| If you only want to use the new scheme:
|
| v=spf1 domainsig=always +all
|
I would propose
v=spf1 domainsig -all
Clients that don't understand domainsig will abort "unknown".
Clients that do understand domainsig will evaluate it and if it fails honour
the "+all".
I know that allowing the use of unrecognized mechanisms irks some
people, but let's run through the use cases before we make a decision.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡