The spec says that the %{p} macro expands to the validated domain name of the
SMTP client, and refers to section 4.6 in the draft spec. This section goes
on to give an algorithm to validate the domains, and then goes on to indicate
what a successful "p" mechanism match should be, which includes domain
ancestry.

It's not clear to me how much of this algorithm should apply to the %{p}
macro, or more to the point, I'm unsure of the usefulness of the %{p} macro
when using the first of the validated domains.

Here is my example:

Client IP: 195.224.71.10
HELO: _spf.exclaimer.net
FROM: spftest(_at_)_spf(_dot_)exclaimer(_dot_)net

Now, 195.224.71.10 has loads of PTR records to a whole host of domains all of
which have A records which point to 195.224.71.10, so all of these domains
are valid according to the 4.6 spec rules (and indeed a "p" mechanism in an
SPF policy would match for the above client information).

However, in the case of the %{p} macro, the first validated domain has
nothing to do with _spf.exclaimer.net.

Would it not be more logical to return the responsible-domain (or an ancestor
thereof) if such a validated domain exists, and if not, then to use the first
validated domain that was returned?

Have I missed some subtle point on the %{p} macro?
-Gary
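
The two selection rules compared in the message above, as an added example that is not part of the original post or of any SPF implementation. The PTR and A data are constructed stand-ins for DNS lookups, the function names are hypothetical, and "ancestor" is read label-wise as the responsible domain itself or one of its parent domains.

```python
# Constructed DNS data (not real lookups): PTR names for the client IP used in
# the post, and the A records each of those names resolves to.
CLIENT_IP = "195.224.71.10"
PTR = {CLIENT_IP: ["mail.example.org", "stale.example.com", "exclaimer.net"]}
A = {
    "mail.example.org": ["195.224.71.10"],
    "stale.example.com": ["192.0.2.7"],  # forward lookup does not confirm the IP
    "exclaimer.net": ["195.224.71.10"],
}


def normalize(name):
    """Compare names case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()


def validated_names(ip, ptr=PTR, a=A):
    """PTR names whose forward A lookup returns the client IP, in PTR order."""
    names = [normalize(n) for n in ptr.get(ip, [])]
    return [n for n in names if ip in a.get(n, [])]


def is_self_or_ancestor(candidate, domain):
    """True if candidate equals domain or is a parent of it (whole labels only)."""
    c = normalize(candidate).split(".")
    d = normalize(domain).split(".")
    return len(c) <= len(d) and d[len(d) - len(c):] == c


def expand_p_first(ip):
    """Rule questioned in the post: take the first validated name."""
    names = validated_names(ip)
    return names[0] if names else None


def expand_p_preferred(ip, responsible_domain):
    """Rule proposed in the post: prefer the responsible domain, then an
    ancestor of it, and only then fall back to the first validated name."""
    names = validated_names(ip)
    exact = [n for n in names if n == normalize(responsible_domain)]
    related = [n for n in names if is_self_or_ancestor(n, responsible_domain)]
    for group in (exact, related, names):
        if group:
            return group[0]
    return None


if __name__ == "__main__":
    print("first validated:", expand_p_first(CLIENT_IP))
    print("preferred      :", expand_p_preferred(CLIENT_IP, "_spf.exclaimer.net"))
```

With this data the first rule yields a name unrelated to the sender, while the preferred rule yields the validated name that shares the responsible domain's ancestry.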