James P. Rutledge wrote:
Possible inconsistency in draft specifications.
ACK, the match_subdomains=yes didn't make it in the following
parts, although it's very very important for MARID solutions,
where wildcards wouldn't work. In chapter 5 it's mentioned:
| This document reserves one extension modifier, "accredit",
| one deprecated modifier "default", and one future modifier
| "match_subdomains".
Other traps and pitfalls:
| Note that SPF records SHOULD always either use a redirect
| modifier or an "all" mechanism to explicitly terminate
| processing.
IMHO that should be either "all" or "redirect=", because "all"
_and_ "redirect=" makes no sense. Especially any "redirect="
before "all" is nonsense, maybe the debug mode of why.html
should flag this as potential error.
And a situation where neither "redirect=" or any "all" are
specified (resulting in a default "?all") is also a potential
error. Unfortunately I have no test domain to check this with
<http://spf.pobox.com/why.html?debug=1>
Another problem found in spf.help :
<http://articles.gmane.org/gmane.mail.spam.spf.help:116>
If the MAIL FROM is empty and the HELO says domain.example, are
the MX for domain.example automatically okay, or is it really
necessary to add "mx" to the sender policy of domain.example ?
That's somehow related to the CSV vs. SPF debate in MARID, but
I don't kow how. Maybe it should be mentioned in the next SPF
draft (not the SenderID MARID core stuff, but the pure classic
SPF draft used by everybody minus MicroSoft).
Bye, Frank