spf-discuss
[Top] [All Lists]

Re: SV: SV: Recursion limit of 20 include/redirects total

2004-05-11 09:28:11
Lars Dybdahl wrote:
Please look closely at my example:

v=spf1 a:my.own.mail.server 
include:some.rarely.used.mailsystem.of.one.of.my.friends -all

If this friend creates a loop in his setup, I would want the fallback to be

v=spf1 a:my.own.mail.server -all

Whereas you want it to be:

v=spf1 a:my.own.mail.server ?all

As SPF rolls out, I can see situations like this becoming very common.

How about this example, very similar to yours:

domain.a txt "v=spf1 a:mail.domain.a include:domain.b -all"
domain.b txt "v=spf1 a:mail.domain.b include:domain.a -all"

Which of these is wrong? Both, or neither?

The current draft spec. enforces loop detection but only specifies that it MAY result in a return value of "unknown". I would have thought it more intuitive for processing of an include: mechanism to simply be ignored if processing of that record was already in progress.

This would allow the example above to be equivalent to:

domain.a txt "v=spf1 a:mail.domain.a a:mail.domain.b -all"
domain.b txt "v=spf1 a:mail.domain.b a:mail.domain.a -all"

which is surely what the authors of these records would have intended, rather than:

domain.a txt "v=spf1 a:mail.domain.a a:mail.domain.b ?all"
domain.b txt "v=spf1 a:mail.domain.b a:mail.domain.a ?all"

which is what I think the spec. suggests.

Any thoughts?

Paul.