Mark,
|Friends -
|
|Thanks so much for all the feedback, review, comments,
|suggestions, corrections, and encouragement on the draft for SPF
|v1. I have read and sifted all the input and made numerous
|changes, mostly very small, to produce this latest version:
|
http://www.ozonehouse.com/mark/spf/draft-lentczner-spf-00pre2.htm
l
|
http://www.ozonehouse.com/mark/spf/draft-lentczner-spf-00pre2.txt
|Unless I hear gnashing of teeth, I will prepare it for
|submission to the IETF as an internet-draft on Wednesday, and
|then begin the process of moving it to experimental RFC status.
<snip>
First of all, thank you very much for all of your efforts
to date. I have one minor editorial comment and one
significant comment.
* In section 3.0 first sentence you write:
SPF records declare which hosts are, and are not,
authorized to use a domain names for the "Mail From"
identity.
You have the indefinite article describing a noun in the
plural tense. (Okay, extremely picky.) It would be better
to write:
SPF records declare which hosts are, and are not,
authorized to use a domain name for the "Mail From"
identity.
* In section 4.0, you write:
"The check_host() function fetches SPF records, parses them,
and interprets them to evaluate if a particular host is or
is not permitted to send mail in a given context. Mail
receivers that perform this check MUST correctly implement
the check_host() function as described by the canonical
algorithm defined here.
Implementations MAY use a different algorithm, so long as
the results are the same."
To my mind, there is a contradiction between the last
sentence and the previous paragraph. The implementer is
told she "MUST correctly implement the check_host()
function as described by the canonical algorithm defined
here." At the same time, the implementer is told she "MAY
use a different algorithm, so long as the results are the
same."
I appreciate it is possible one can use the same record in
different ways and get the same result. Also, there may be
a better way of running the mail from check. In addition,
some implementers may want to use the record for other
checks.
In the circumstances, it is better to state:
Implementations MAY use the SPF records in a different
algorithm, so long as: (i) the specifications are open
standard and if encumbered by an intellectual property
rights claim are available for use by way of a license
which is compatible with the requirements of the Open
Standards Alliance model; and (ii) the results are the same.
This ensures the protocol is inclusive and any other
algorithm is available for use by the open source community
at large.
Trusting this helps,
John
John Glube
Toronto, Canada
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.773 / Virus Database: 520 - Release Date: 05/10/2004