spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: help with reference implementation

2004-06-08 18:42:45
from [wayne] [Permanent Link] 
In 
<FAEB29CCD497D043AA05ACFA4AEE313D018948A5(_at_)zixit-exch-01s(_dot_)mrktg(_dot_)zixadmin(_dot_)com>
 "Philip Tucker" <PTucker(_at_)zixcorp(_dot_)com> writes:


I am using the Perl reference implementation from the pobox site.  A
couple questions:

1) The following is my understanding of what the various statuses
mean:

fail - [...]
softfail - same as fail, but sender domain allows for possibility of
other valid sender IPs


I agree with all your definitions except this one.  I would say that
softfail is closer to neutral than fail.  The idea is that, if
possible, you should give some sort of warning to the user that they
are using a discouraged/depreciated IP address.

For example, you could give a graylisting-like SMTP 4xx temp-fail with
a warning message the first time the an email shows up that softfails,
but accept it the second time.  Or, an MTA could display a warning if
it notices a Received-SPF: header that shows a softfail.  Or,
something could be added to the Subject: line or even the message
body.

When in doubt, you should probably treat an email that softfails like
neutral and accept it if you would have accepted it otherwise.
Rejecting an email on softfail isn't completely out of line, but it is
a little extreme.  Adding a small amount to a SpamAssassin-like spam
score might be a reasonable thing to do.



neutral - [...]
unknown - [...]
error - [...]
none - [...]
pass - [...]

In the testing I've done so far, about half the messages result in a
response of "neutral" and none have resulted in "none".  This seems
backwards from what I would expect given the explanations above.  I
get the following explanation via the "SMTP comment" URL returned for
"neutral":


The return codes of "none", "neutral" and "unknown" should all be
treated the same.  For that reason, it is possible that some SPF
implementations or MTA patches always merge these three status codes
into "neutral".



2) The module takes both a HELO and MAIL FROM argument.  Does it do
anything with the HELO domain?  Is it used only if the MAIL FROM is
empty?


Yes, the HELO domain is only used if MAIL FROM is empty.  In
spfquery program in libspf-alt, only one of the two parameters needs
to be supplied.  It seemed silly to me to require both when only one
would be used.


-wayne
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: a "never relays" parameter, wayne
Next by Date:  Points of rejection, Andrew Church
Previous by Thread:  help with reference implementation, Philip Tucker
Next by Thread:  RE: help with reference implementation, Michael R. Brumm
Indexes:  [Date] [Thread] [Top] [All Lists]