spf-discuss

RE: What else to go into the pot?

2004-07-08 06:28:24
I agree with Roger, but with the caveat that we should not break existing
parsers, so the original post that I made still stands noting the obvious
issue Wayne highlighted that there was a parser by Hector Santos that required
the modifiers to be at the end.

To re-iterate:

        "v=spf1 mx -all scope=p +ip4:195.224.71.10/24 -all"

My take is that newer publishers working from the SPF spec are entitled to
place the modifier wherever they like (so that Hector's implementation will
need to be upgraded anyway).

Roger's extension to the "scope=" (or "s=") modifier covers all the variants 
but I'd prefer to see "s=*" for all scopes. Actually thinking about it, "s=s"
for the "pra" scope is a little confusing, perhaps it ought to be "sc="?

Also, without the scope modifier, the mechanisms should only operate in the 
"mail-from" & "helo" scopes for backward compatibility.

Also, harking back to a previous post, can the %{p} macro please not return
the first domain, but the {responsible-domain} if present, otherwise the
first domain?

I'd also like to see mandatory statements concerning the max # of DNS queries
that can reasonably be performed to enforce a policy, so:

      Infinite loop in include/redirect MUST return "unknown"
      More than 10 DNS mechanisms per scope policy MUST return "unknown"
      More than 10 redirected/included scope policies MUST return "unknown"
           (Not recursion depth)
           (Total 100 scope mechanism tests - should be enough don't you think?)
      More than 30 seconds elapsed time MUST return "unknown"

-Gary

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Roger Moser
Sent: 08 July 2004 07:56
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] What else to go into the pot?


Meng Weng Wong wrote:

Anyone who would like to add stuff to SPF should please
speak up now, but also speak up in awareness of the Unified
drafts posted at http://spf.pobox.com/unified/

If SPF1 includes the Unified SPF, then the 'scope' modifier should be added.

My suggestion:

The syntax is:
scope = "scope" "=" [ [ "-" ] scope-element *( "," scope-element ) ]
scope-element = ("m" / "h" / "s" / "p")

"m", "h", "s", "p" mean the "mail-from", "helo", "pra", "ptr" scopes.

If there is no 'scope' modifier, then all mechanisms are tested for all
scopes.

The 'scope' modifier is place-dependent and immediately takes effect for
all following mechanisms. Any mechanism is skipped if the scope is not
listed in the 'scope' modifier.

"scope=" means "all scopes".
"scope=m" means "only 'mail-from' scope".
"scope=-h" means "all scopes except 'helo' scope".
"scope=m,h" means "only 'mail-from' and 'helo' scopes".

Note that the 'all' mechanism is also ignored if it is the wrong scope.
So for example testing "v=spf1 scope=-h mx -all" in the 'helo' scope is
equivalent to testing "v=spf1" (without "-all").

In order to make the SPF records shorter we could use "s=" instead of
"scope=".

Roger
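
Added example, not part of the original messages or of any SPF implementation: a Python evaluator for the place-dependent 'scope' modifier as Roger describes it, run on the two records quoted in this thread. The function names, the `default` parameter (used to model Gary's "mail-from and helo only" default) and acceptance of the "s=" short form are assumptions.

```python
# Scope letters from the proposed grammar: "m" / "h" / "s" / "p".
ALL_SCOPES = {"m": "mail-from", "h": "helo", "s": "pra", "p": "ptr"}


def parse_scope(value):
    """Return the set of scope letters selected by a 'scope' modifier value."""
    if value == "":
        return set(ALL_SCOPES)                 # "scope=" means all scopes
    negate = value.startswith("-")             # one leading "-" inverts the list
    letters = (value[1:] if negate else value).split(",")
    for letter in letters:
        if letter not in ALL_SCOPES:
            raise ValueError(f"unknown scope element: {letter!r}")
    chosen = set(letters)
    return set(ALL_SCOPES) - chosen if negate else chosen


def mechanisms_for(record, scope, default=frozenset(ALL_SCOPES)):
    """List the terms of `record` that are tested when checking `scope`.

    `default` is the scope set in force before any 'scope' modifier appears:
    all scopes in Roger's proposal, {"m", "h"} in Gary's.
    """
    if scope not in ALL_SCOPES:
        raise ValueError(f"unknown scope: {scope!r}")
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF1 record")
    active = set(default)
    selected = []
    for term in terms[1:]:
        name, sep, value = term.partition("=")
        if sep and name in ("scope", "s"):     # "s=" short form is an assumption
            active = parse_scope(value)        # takes effect for following terms
        elif scope in active:                  # out-of-scope terms, 'all' included,
            selected.append(term)              # are skipped
    return selected


if __name__ == "__main__":
    # Both records are the ones quoted in the thread.
    gary = "v=spf1 mx -all scope=p +ip4:195.224.71.10/24 -all"
    roger = "v=spf1 scope=-h mx -all"
    for letter, name in ALL_SCOPES.items():
        print(f"{name:9} roger={mechanisms_for(roger, letter)}")
        print(f"{name:9} gary ={mechanisms_for(gary, letter, default={'m', 'h'})}")
```
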
