spf-discuss

Re: When should the processing of the SPF record end?

2004-03-22 18:41:14
In <7977798(_at_)pamho(_dot_)net> "Ramakanta (das) HKS (PAMHO.NET SysOp) 
(Zurich - CH)" <Ramakanta(_dot_)HKS(_at_)pamho(_dot_)net> writes:

In spf-draft-20040209.txt in the section 3.2 it says:

   Each directive is considered in turn from left to right.

   ...

   If it matches, processing ends and the prefix value is returned as
   the result of that record.  (The default prefix value is "+".)

But then in section 5.2 the example is:

   v=spf1 mx -all exp=explain._spf.%{d}

This means that the 'exp' directive is never processed because according to
3.2 the processing ends at '-all'.


Yeah, I really don't like the wording of the SPF spec in this area,
and I like the way most SPF implementations actually function even
less.  Modifiers, I guess, are not "processed", they are looked for
after the processing is over when they need to be found.  With the
exception of libspf-alt, none of the other SPF implementations will
even detect modifiers with syntax errors, such as "m$o=foo".

This is despite section 3. that says that "If an SPF client
encounters a syntax error in an SPF record, it must terminate
processing and return a result of "unknown"."  (Section 3.2 specifies
that modifiers and mechanisms must be made up of only alpha
characters, so "m$o=" is invalid.)  Now, "encounters" is kind of a
fuzzy term.  If you are given an SPF record of "v=spf1 -all exp=foo m$o=foo"
do you encounter the last modifier?  You would only need to go looking
for the exp= modifier, and that is found first.  However, if you have
"v=spf1 -all m$o=foo", do you "encounter" the invalid modifier then?


From my analysis of all the SPF implementations, most basically make
the assumption that you have a valid SPF record, and you just need to
plow through it, evaluating things as you stumble across things and
not look too hard at anything else.


-wayne
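
The two behaviours discussed in the message above, side by side, as an added example that is not part of the original post or of any SPF implementation. It assumes a simplified term grammar (alphabetic names only, as the message reads section 3.2), a stand-in `only_all_matches` in place of real DNS/IP evaluation, and "?" as the result when nothing matches; all function names are hypothetical.

```python
import re

# Simplified grammar (assumption): names are alphabetic only, as the message
# reads section 3.2; real SPF term syntax has more detail than this.
MECHANISM = re.compile(r"^([+\-?~]?)([A-Za-z]+)([:/].*)?$")
MODIFIER = re.compile(r"^([A-Za-z]+)=(.*)$")

def only_all_matches(name):
    """Constructed stand-in for DNS/IP evaluation: only 'all' matches."""
    return name.lower() == "all"

def terms_of(record):
    version, *terms = record.split()
    if version != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    return terms

def lazy_check(record, matches=only_all_matches):
    """Stop at the first matching mechanism, then go looking for exp= only."""
    result = "?"  # default when nothing matches (assumption for this sketch)
    for term in terms_of(record):
        m = MECHANISM.match(term)
        if m and matches(m.group(2)):
            result = m.group(1) or "+"
            break
    exp = next((t[4:] for t in terms_of(record) if t.startswith("exp=")), None)
    return result, exp

def strict_check(record, matches=only_all_matches):
    """Classify every term first; any unparsable term yields 'unknown'."""
    mechanisms, modifiers = [], {}
    for term in terms_of(record):
        mod, mech = MODIFIER.match(term), MECHANISM.match(term)
        if mod:
            modifiers.setdefault(mod.group(1).lower(), mod.group(2))
        elif mech:
            mechanisms.append((mech.group(1) or "+", mech.group(2)))
        else:
            return "unknown", None  # syntax error anywhere in the record
    for prefix, name in mechanisms:
        if matches(name):
            return prefix, modifiers.get("exp")
    return "?", modifiers.get("exp")

if __name__ == "__main__":
    for rec in ("v=spf1 mx -all exp=explain._spf.%{d}",  # records from the thread
                "v=spf1 -all exp=foo m$o=foo",
                "v=spf1 -all m$o=foo"):
        print(f"{rec!r}: lazy={lazy_check(rec)} strict={strict_check(rec)}")
```

The lazy walk returns "-" for both records containing `m$o=foo` and never reports the malformed term, while the strict pass returns "unknown" for them and still yields the `exp=` value for the section 5.2 example.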