In <20040711214628(_dot_)GS29222(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
On Sun, Jul 11, 2004 at 08:54:58PM +0200, Roger Moser wrote:
| Suppose the SPF records are as follows:
|
| example.com. TXT "v=spf1 include:inc.example.com ip4:192.168.1.3 -all"
| inc.example.com. TXT "v=spf1 ip4:192.168.1.1 redirect=red.example.com"
| red.example.com. TXT "v=spf1 ip4:192.168.1.2"
|
| Now my question is: Should "redirect=red.example.com" be ignored (because it
| appears in an included record), or should the parser be redirected to
| red.example.com while processing the included record, or should the parser
| be redirected to red.example.com at the very end?
you can run the spfquery from Mail::SPF::Query in debug mode
to observe the reference behaviour.
Implemenations are not a specification and should never be used to
give definative answers.
My interpretation from the standard is that, yes, the included record
should execute the redirect, but the redirection will not propogate
out to the top level SPF record.
The section 4.2 "include" says that include starts a new query,
resetting the <current-domain> and such.
The Section 5.1 "redirect" doesn't explicitly say this, but does note
that redirects can be chained.
I guess I was under the impression that the SPF spec explicitly said
that all modifiers do not propagate out of the include: recursion, but
it appears that only the exp= modifier has the following text:
Note: during recursion into an Include mechanism, explanations do not
propagate out.
I think this needs to be clarified in the SPF spec.
-wayne