spf-discuss
[Top] [All Lists]

'exp' directive in included SPF record

2004-03-23 01:51:00
Meng Weng Wong wrote:

yes, "exp" directives in included SPF records should be ignored.

I don't think that this is a good idea.

Suppose a company has the policy: All our customers may send mail from
<our domain> except the dial-in users, ADSL users and a known spammer.
It could have following policy:

xyz.com          TXT  "v=spf1 include:inc.xyz.com -all"
inc.xyz.com      TXT  ("v=spf1 "
                      "exp=exp.dul.xyz.com -a:dul.xyz.com/24 "
                      "exp=exp.dsl.xyz.com -a:dsl.xyz.com/24 "
                      "exp= -a:spammer.xyz.com "
                      "a:xyz.com/16 -all")
exp.dul.xyz.com  TXT  "Mail from dial-in users is rejected"
exp.dsl.xyz.com  TXT  "Mail from ADSL users is rejected"


Therefore I suggest following rules for modifiers:

----------------

Modifiers are variables local to the currently processed SPF record (they
are forgotten at the end of the SPF record).

At the beginning of the SPF record, the modifiers are initialized with
default values (empty strings for 'exp=' and 'redirect=').

If the same modifier is encountered again, the specified new value replaces
the old value.

If the specified modifier is empty, the default value is restored.

----------------


Roger


<Prev in Thread] Current Thread [Next in Thread>