spf-discuss
[Top] [All Lists]

RE: Unified SPF works in progress now in alpha

2004-07-06 01:10:58
And an example of record for two identifies is for example:
mydomain.com "v=spf1 sm+ip4:192.168.16.0/19 ph+ip4:192.168.20.0/24 -all"


<snip>

Enclosing the scope parameters inside parentheses:

v=spf1 (sm)+ip4:192.168.16.0/19 (ph)+ip4:192.168.20.0/24 -all

Separating multiple scope parameters by commas:

v=spf1 (s,m)+ip4:192.168.16.0/19 (p,h)+ip4:192.168.20.0/24 -all


Reducing lookups is a good thing and without trying to seem overly nitpicky,
these examples as proposed would break the existing SPF parsers out there, so
we really ought to either:

   "v=spf2 ..."

or use an existing syntax to introduce the scope, e.g.

   "v=spf1 scope=s,m +ip4:192.168.16.0/19 scope=p,h +ip4:192.168.20.0/24
-all"

However, this does mean that an existing SPF parser would attempt to use the
/24 CIDR ip4 mechanism for MAIL FROM query which isn't what the domain owner
published for his policy, so perhaps it ought to be something like:

   "v=spf1 scope=s,m +ip4:192.168.16.0/19 -all scope=p,h +ip4:192.168.20.0/24
-all"

Here, existing v1 parsers will stop at the first "-all", but unified parsers
would know that the modifier "scope=" indicates that there are potentially
many policies in the same record for the different query methods. Of course
it stands to reason that the scope of the first policy MUST include the MAIL
FROM version for the classic parsers, but this is getting complex to
document, let alone describe now.

-Gary