spf-discuss

Internet-Draft 01 Release Candidate 1: slight macro changes.

2004-04-27 07:51:19
Here are the changes since Sunday.

* "c" macro introduced; provides human-readable IPv6 notation
* "t" macro limited to use in "exp" text only.
* "r" macro added to indicate receiver domain.

Any objections?  Speak now or forever hold your peace...

--- spf-draft-200404-beforewayne.txt    2004-04-27 00:42:15.000000000 -0400
+++ spf-draft-200404.txt        2004-04-27 10:41:09.000000000 -0400
@@ -838,11 +838,11 @@
 
    It is expected that SPF-enabled receivers will maintain a library of
    recognized accreditation providers, keyed by the domain-spec.  An
-   accreditation providers is responsible for describing the protocol
-   it uses to encode assertions.  For example, suppose an accreditation
+   accreditation provider is responsible for describing the protocol it
+   uses to encode assertions.  For example, suppose an accreditation
    provider supports DNS "A" queries against the expanded domain-spec.
-   Suppose a result of NXDOMAIN means "domain is not known to the
-   accreditation service."  Suppose a result of "127.0.0.10" means "the
+   A result of NXDOMAIN could mean "domain is not known to the
+   accreditation service."  A result of "127.0.0.10" could mean "the
    accreditation service vouches for the integrity of the sender
    domain."  Accreditation providers can make up any protocol they like
    as long as they can convince receivers to use it.
@@ -850,6 +850,9 @@
    Accreditation is only meaningful if the result of the SPF query is a
    PASS.
 
+   Accreditation operates on behalf of the sender.  Receivers, and the
+   reputation services that operate on their behalf, are expected to
+   adopt a critical stance toward accreditation assertions.
 
 6. Miscellaneous
 
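Review bot: The added paragraph ending "adopt a critical stance toward accreditation assertions" carries no RFC 2119 keyword and does not say what a critical stance means in practice, so a receiver cannot implement it or be tested against it. Consider stating the expectation concretely, for example that a receiver SHOULD act only on assertions from accreditation providers it has itself chosen to recognize, which would tie this paragraph to the "library of recognized accreditation providers" wording earlier in the section.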
@@ -1002,28 +1005,33 @@
    Certain directives perform macro interpolation on their arguments.
 
      macro-string = *( macro-char / VCHAR )
-     macro-char   = ( "%{" ALPHA *DIGIT [ "r" ] *delim "}" )
-                    / "%%"
-                    / "%_"
-                    / "%-"
+     macro-char   = ( "%{" ALPHA *modifier *delimiter "}" )
+                    / "%%" / "%_" / "%-"
+     transformer  = *DIGIT [ "r" ]
+     delimiter    = "." / "-" / "+" / "," / "/" / "_" / "="
 
    A literal "%" is expressed by "%%".
    %_ expands to a single " " space.
    %- expands to a URL-encoded space, viz. "%20".
 
-   The following macro letters are expanded:
+   The following macro letters are expanded in directive arguments:
 
       l = local-part of responsible-sender
       s = responsible-sender
       o = responsible-domain
       d = current-domain
-      i = SMTP client IP
-      t = current timestamp in UTC epoch seconds notation
+      i = SMTP client IP (nibble format when an IPv6 address)
       p = SMTP client domain name
       v = client IP version string: "in-addr" for ipv4 or "ip6" for ipv6
       h = HELO/EHLO domain
+      r = receiving domain
+
+   The following macro letters are expanded only in "exp" text:
+
+      c = SMTP client IP (easily readable format)
+      t = current timestamp in UTC epoch seconds notation
 
-   The uppercase versions of those macros are URL-encoded as well.
+   The uppercase versions of all these macros are URL-encoded.
 
    A '%' character not followed by a '{', '%', '-', or '_' character
    MUST be interpreted as a literal.  SPF publishers SHOULD NOT rely on
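Review bot: The new macro-char rule references *modifier, which this hunk never defines; the rule added two lines below it is named transformer. Because transformer is already *DIGIT [ "r" ], the reference should be a single unstarred transformer, i.e. macro-char = ( "%{" ALPHA transformer *delimiter "}" ), otherwise a strict ABNF reader has no production for the text between the macro letter and the delimiters. The grammar also still accepts "c" and "t" wherever ALPHA is allowed, so the new "exp"-only restriction rests on the prose alone.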
@@ -1033,38 +1041,64 @@
    is incorrect.  Instead, say
       Your spam volume has increased by 581%%
 
-   Legal modifiers are
+   Legal optional transformers are:
 
-        *DIGIT ; one or more digits
+        *DIGIT ; zero or more digits
         'r'    ; reverse value, splitting on dots by default
 
-   The DIGIT modifier indicates the number of right-hand parts to use
-   after optional reversal.  The modifier MUST be nonzero.  If DIGIT
-   specifies more parts than are available, all the available parts are
-   used.  If the DIGIT was 5, and only 3 parts were available, the macro
-   interpreter would pretend the DIGIT was 3.
+   If transformers or delimiters are provided, the macro strings are
+   split into parts.  After performing any reversal operation or
+   removal of left-hand parts, the parts are rejoined using "." and not
+   the original splitting characters.
+   
+   By default, strings are split on "." (dots).  Macros may specify
+   delimiter characters which are used instead of ".".  Delimiters
+   MUST be one or more of the characters:
+      "." / "-" / "+" / "," / "/" / "_" / "="
 
-   The 'r' modifier indicates a reversal operation: if the client IP
+   The 'r' transformer indicates a reversal operation: if the client IP
    address were 192.0.2.1, the macro %{i} would expand to "192.0.2.1"
    and the macro %{ir} would expand to "1.2.0.192".
 
-   The DIGIT and the 'r' modifiers split a string into parts.  By
-   default, strings are split on "." dots.  Modifiers may be followed by
-   one or more splitting characters which are used instead of the ".".
-   Splitting characters MUST be non-alphanumeric.  Parts are always
-   rejoined using "." and not the original splitting characters.
+   The DIGIT transformer indicates the number of right-hand parts to
+   use after optional reversal.  If a DIGIT is specified, it MUST be
+   nonzero.  If no DIGITs are specified, or if the value specifies more
+   parts than are available, all the available parts are used.  If the
+   DIGIT was 5, and only 3 parts were available, the macro interpreter
+   would pretend the DIGIT was 3.  Implementations MAY limit the
+   number, but MUST support at least a value of 9.
 
    For the "l" and "s" macros: when the local-part is not defined, the
    string "postmaster" is substituted.  The local-part might be
    undefined if the <current-domain> is drawn from the HELO command
    rather than the MAIL FROM.
 
+   For IPv4 addresses, both the "i" and "c" macros expand to the
+   standard dotted-quad format.
+
+   For IPv6 addresses, the "i" macro expands to dot-format address; it
+   is intended for use in %{ir}.  The "c" macro may expand to any of
+   the hexadecimal colon-format addresses specified in RFC3513 section
+   2.2.  It is intended for humans to read.
+
+   Use of the "t" macro in DNS lookups would greatly reduce the
+   effectiveness of DNS caching.  The "t" macro is only allowed in
+   explanation records.  The value of the "t" macro SHOULD NOT change
+   during the evaluation of a given SPF record.
+
    The "p" macro expands to the validated domain name of the SMTP
    client.  The validation procedure is described in section 4.6.  If
    there are no validated domain names, the word "unknown" is
    substituted.  If multiple validated domain names exist, the first one
    returned in the PTR result is chosen.
 
+   The "r" macro expands to the name of the receiving MTA.  This SHOULD
+   be a fully qualified domain name, but if one does not exist (as when
+   the checking is done by a script) or if policy restrictions dictate
+   otherwise, the word "unknown" SHOULD be substituted.  The domain
+   name MAY be different than the name found in the MX record that the
+   client MTA used to locate the receiving MTA.
+
    The "s" macro expands to the sender email address: a localpart, an @
    sign, and a domain.  The "o" macro is the domain part of the "s".
    They remain the same during a recursive "include" or "redirect"
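Review bot: The paragraph restricting the "t" macro to explanation records does not say what a checker does when %{t} (or %{c}) appears in a directive argument, so two implementations can evaluate the same record differently; name the outcome explicitly, whether that is an error result or literal treatment. Two smaller points in the same hunk: the "i" paragraph calls the IPv6 expansion "dot-format" while the macro list in the previous hunk calls it "nibble format", and one term should be used in both places; and "If a DIGIT is specified, it MUST be nonzero" likewise leaves the handling of a zero value undefined.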
@@ -1538,11 +1572,12 @@
     ip6-cidr-length  = "/" 1*DIGIT
 
     macro-string = *( macro-char / VCHAR )
-    macro-char   = ( "%{" alpha *digit [ "r" ] *delim "}" )
+    macro-char   = ( "%{" ALPHA *modifier *delimiter "}" )
                    / "%%" / "%_" / "%-"
+    transformer  = *DIGIT [ "r" ]
 
     name        = alpha *( alpha / digit / "-" / "_" / "." )
-    delim       = "." / "-" / "+" / "," / "/" / "_" / "="
+    delimiter   = "." / "-" / "+" / "," / "/" / "_" / "="
     
 Appendix B. Extended Examples
 
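Review bot: The collected grammar repeats the undefined *modifier reference in macro-char, while the rule added directly beneath it is named transformer; the two names need to agree here as they do in the section text. The changed lines also switch to uppercase ALPHA and DIGIT although the surrounding appendix rules (see name) use lowercase alpha and digit, so either convert the whole appendix or keep the existing case for consistency.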

