spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

ebay spf records

2004-10-05 09:35:09
from [Holm, Mark] [Permanent Link] 

Roger Moser wrote:


This is Microsoft's syntax. 
See <http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx>. 
So what can we do? 


Perhaps not. See below.  The problem I think is twofold.

1.  Neither the SenderID or SPF Classic specs are sufficiently pointed about 
the argument of an a: mechanism being preferably a domain name and not an IP 
address.  The inclusion of a cidr length adds confusion.  People are not used 
to something that looks like domain.com/24.  (is that legal?  That is the way I 
read the specs, but I could be mistaken.)

2. The MS wizard that you give the link to, is even more unclear, and 
practically begs one to make this mistake.  The wizard at spf.pobox.com is 
better, at least it says "regular hostnames" in the box where one types a: 
mechanism arguments.  It will still allow the a:1.2.3.4 form.  I don't know how 
much of an implementation problem this presents.  Will all implementations 
translate it the same way?   It would be better if the wizards and validators 
flagged any a:1.2.3.4 and perhaps mx:1.2.3.4 occurences with a warning.  This 
would be a useful addition to the wizard at spf.pobox.com.

More examples, including examples of legal but non optimal syntax, would also 
be a help.  Unclear instructions are common cause of people making mistakes.  
Instruction writers don't like to admit this.  They prefer to blame stupid or 
careless users.  Since I am a fairly good reader, I often spot instances of 
unclear instructions.  Writers are at least as likely to be at fault as users, 
in my experience.

Mark Holm


from  
http://download.microsoft.com/download/4/3/9/439b024b-09fd-44ee-8ff0-10e834004c36/senerid_spec2.pdf

<quote>
Several of these mechanisms and modifiers have a <domain-spec> section. The 
<domain-spec> string
is macro expanded (see Section 7). The resulting string is the common 
presentation form of a fully
qualified DNS name: A series of labels separated by periods. This domain is 
called the <target-name>
in the rest of this document.
</quote>

and

<quote>
4.3 "a"
This mechanism matches if <ip> is one of the <target-name>'s IP addresses.
A = "a" [ ":" domain-spec ] [ dual-cidr-length ]
The <ip> is compared to the IP address(es) of the <target-name>. If any address 
matches, the
mechanism matches.
</quote>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Why I think we should tolerate compatibility with PRA., Chip Mefford
Next by Date:  Re: What to include..., Mark Shewmaker
Previous by Thread:  Re: ebay spf records, Meng Weng Wong
Next by Thread:  Re: ebay spf records, Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]