spf-discuss

Re: "redirect" in an included SPF record

2004-07-12 13:46:49
Meng Weng Wong wrote:

| IMHO an evaluation of redirect=x should result in %{d} == x,
| just like an evaluation of include:x results in %{d} == x.
 
Well, it does.  :)

Good, one thing (among others) I like about the syntax:  It's
almost always clear even without reading the specification. ;-)

| what -include:x / ~include:x / ?include:x really do
| if somebody uses it.
 
if the include returns a match, you get the indicated
result.

Okay, maybe it's useful in special cases, where whatever passes
for x should fail for y.

Roger's example is still interesting, maybe you can use it
somewhere in the new drafts.  Or maybe a less obvious example:

the.example  "v=spf1 include:inc.example 
                     ip4:9.9.9.3 redirect=red.example"
inc.example  "v=spf1 ip4:9.9.9.1 redirect=blue.example"
red.example  "v=spf1 ip4:9.9.9.4 -all"
blue.example "v=spf1 ip4:9.9.9.2 -include:red.example ?all"

Here "blue" says that it never sends mail via IPs used by "red".
And "inc" also never sends mail via IPs used by "red", because
it redirects its policy to "blue".  Therefore 9.9.9.1 and
9.9.9.2 PASSes for "inc", but 9.9.9.4 FAILs.  Anything else
results in DONTKNOW ?all.

But for "the" 9.9.9.4 PASSes, because its include:inc only
matches 9.9.9.1 and 9.9.9.2, and later the redirection to "red"
says that 9.9.9.4 is okay, anything else FAILs.

Is this interpretation correct?  Bye, Frank
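
The four records in the message above can be evaluated mechanically. The following is an added example, not part of the original message or of any SPF implementation; it assumes the include/redirect semantics later standardized in RFC 7208 (an include matches only when the inner check returns pass, and redirect applies only when no mechanism matched), holds the records in a dict instead of DNS, and reports "?all" as neutral.

```python
import ipaddress

# Records from the message above, held in a dict in place of DNS TXT lookups.
RECORDS = {
    "the.example": "v=spf1 include:inc.example ip4:9.9.9.3 redirect=red.example",
    "inc.example": "v=spf1 ip4:9.9.9.1 redirect=blue.example",
    "red.example": "v=spf1 ip4:9.9.9.4 -all",
    "blue.example": "v=spf1 ip4:9.9.9.2 -include:red.example ?all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, depth=0):
    """Evaluate the ip4/include/all/redirect subset of SPF for one IP."""
    if depth > 10:   # simple recursion guard (RFC 7208 limits lookups overall)
        return "permerror"
    record = RECORDS.get(domain)
    if record is None:
        return "none"
    redirect = None
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        if term.startswith("redirect="):
            redirect = term.split("=", 1)[1]  # modifier: only used at the end
            continue
        qualifier = "+"                       # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            net = ipaddress.ip_network(term[4:], strict=False)
            matched = ipaddress.ip_address(ip) in net
        elif term.startswith("include:"):
            inner = check_host(ip, term[8:], depth + 1)
            if inner == "none":
                return "permerror"            # included domain has no record
            if inner in ("permerror", "temperror"):
                return inner
            matched = inner == "pass"         # fail/softfail/neutral: no match
        else:
            return "permerror"                # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]      # first match decides the result
    if redirect:                              # reached only if nothing matched
        result = check_host(ip, redirect, depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"
```

Calling `check_host("9.9.9.4", "inc.example")` and `check_host("9.9.9.4", "the.example")` shows the same IP failing under one policy and passing under the other.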