On Wed, Sep 29, 2004 at 01:18:49PM -0700,
william(at)elan.net <william(_at_)elan(_dot_)net> wrote
a message of 108 lines which said:
-----------------------------------------------------------------
Step | SPF Identity | Result of verification
-----+---------------+-------------------------------------------
1 | SPF2.0/HELO | If Fail -> reject, otherwise go to 2
2 | SPF2.0/SUBMIT | If Fail -> reject, otherwise go to 3
3 | SPF2.0/MFROM | if Pass -> accept email, otherwise go to 4
4 | SPF2.0/PTR | If Fail and #1 was not Pass -> reject
I may be thick but why is it necessary to specify the algorithm to use
and the results? Why not providing several SPF records for several
identities and let the user decide which to check and how to combine
them? (Specially since the user may be a scoring system like
SpamAssassin which does not yield binary Pass/Fail but scores.)
I do not think it will be possible to get a consensus on such an
algorithm so why not concentrating on the syntax of the record and on
the definition of the identities and waiting more experience before
deciding how to combine the checks?