spf-discuss

Re: specification 02.9.7 released

2004-02-08 11:30:49
On Sun, 2004-02-08 at 07:05, list+spf-discuss(_at_)doeblitz(_dot_)net wrote:

It all depends on how you integrate SPF with the MTA. Introducing a new 
return code makes integration a little bit more difficult, maybe we should 
just return "unknown" as no SPF could be done and leave rejection of 
unresolvable senders to the MTAs - which already implement these checks.

On integration vs. non-integration:
-----------------------------------

Returning "unknown" would mean that domains passing the MTA's
resolvable-domain check would still trigger a second (but cached) dns
query in spf checks.

I had imagined that MTA configuration tools could eventually silently
drop separate resolvable-domain tests when spf tests are enabled, using
an integrated test in the spf code to do the same thing.

But if the complications and confusions that would cause would be
greater than the (very meager) query/network savings, then I'm fine with
them being completely uncoupled.

On the answer being "unknown":
------------------------------

I have to say I'm having problems wrapping my head around whether I
would think "none" or "unknown" is the better answer, especially since
both answers are to be interpreted by MTAs the same way.  (I would
agree with your suggestion of "unknown", personally because "unknown"
is listed as an error, and having no domain info at all would be
considered by most everyone to be much worse than simply having no spf
data and somewhat error-ish in itself.)

That leads me to a suggestion/question, (embarrassingly enough),
seemingly completely backwards from my previous one:

What is the purpose of a separate "none" return code to begin with?
(It showed up in 2.9.5)

Should there be a difference between an answer of "I simply can't
understand what the domain owner is saying I should do" (unknown--error)
and "the domain owner hasn't said anything that I should do, so I can't
give you a useful answer as to his intentions" (none--not error), if
you're supposed to treat both answers the same?

In my mind "none" sort of falls into the error category--since spf code
would be more-or-less responding with the objection that it can't give
you any useful information.

Removing "none", and making nxdomain results return "unknown", means
that any result in which spf code ends up not being able to give a
definitive answer, for whatever reason, would return the same thing.




(My main objection is that I think that NXDOMAINs should result in a
specific, defined response.  The part about either wanting separate
"nxdomain", "none", or "unknown" results, or just having one catch-all
"unknown" error response, is something I'm still a bit confused on, and
I'm hoping that clearer minds can discuss it before any deadlines.)



-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.7.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/