
RE: Re: MAIL FROM address literals etc.

2004-10-14 08:19:56
Options I like for when the address is: user@[1.2.3.4]

Best option IMHO:
        The use of an address-literal is deprecated, and check_host() will
return a FAIL result with a reason "malformed domain".

Other option:
        Allow an address-literal, but since no SPF record can be found,
check_host() will return None.

This is from: 1. Introduction
An additional benefit to mail receivers is that when the use of an
   identity is verified, then local policy decisions about the mail can
   be made on the basis of the domain, rather than the host's IP
   address.  This is advantageous because reputation of domain names is
   likely to be more accurate than reputation of host IP addresses.
   Furthermore, if a claimed identity fails verification, then local
   policy can take stronger action against such e-mail, such as
   rejecting it.

Guy


-----Original Message-----
From: owner-spf-discuss@v2.listbox.com
[mailto:owner-spf-discuss@v2.listbox.com] On Behalf Of Frank Ellermann
Sent: Thursday, October 14, 2004 8:02 AM
To: spf-discuss@v2.listbox.com
Subject: [spf-discuss] Re: MAIL FROM address literals etc.

Bruce Barnes wrote:

Mailservers are technically required by RFC1123 5.2.17, to
accept mail to domain literals, for any of their assigned IP
addresses.

Yes, that's the RCPT TO case, but for SPF the relevant problem
is MAIL FROM an address literal.  The RfC 2821 syntax allows
this (4.1.1.2):  A reverse path minus routing info is simply a
mailbox in angle brackets.

A mailbox is local part @ domain.  A domain is either an FQDN
or an address literal:

| Domain = (sub-domain 1*("." sub-domain)) / address-literal

But as Raymond said, address literals in MAIL FROM are very
unusual, and maybe they are even "verboten".  Unfortunately I
don't find anything in the RfC to support this interpretation.

Receivers are generally free to reject any MAIL FROM if they
don't like it.  SPF uses this to reject a forged MAIL FROM if
the result is FAIL.  It's also possible to reject a MAIL FROM
for other reasons (RHSBLs, syntax errors, etc.)

But normally receivers have to accept legitimate mail to their
postmaster mailbox.  Otherwise they are "RfC-ignorants".  Now
if a mailer with IP 1.2.3.4 sends MAIL FROM:<user@[1.2.3.4]>
to the postmaster of a system supporting SPF, then this will
always FAIL with a reason "malformed domain".

But [1.2.3.4] isn't a "malformed domain", it's a "Domain" as
specified in RfC 2821.  Are systems supporting SPF potential
"RfC-ignorants" ?  Is this a bug in the actual SPF draft ?

                             Bye, Frank
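
The two options discussed in this thread, side by side, as an added example that is not part of either message or of any SPF implementation. The function names, the `literal_policy` switch and the "None" reason string are hypothetical; the domain grammar follows the RFC 2821 rule quoted above, and the sample addresses are constructed.

```python
import ipaddress
import re

# RFC 2821: sub-domain = Let-dig [Ldh-str]; Domain needs at least two of them.
_SUB = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_FQDN = re.compile(rf"{_SUB}(?:\.{_SUB})+")

def classify_domain(mailbox):
    """Classify the domain of a non-null reverse path.

    Returns 'fqdn', 'address-literal' or 'invalid'.
    """
    local, sep, domain = mailbox.strip("<>").rpartition("@")
    if not sep or not local:
        return "invalid"
    if domain.startswith("[") and domain.endswith("]"):
        body = domain[1:-1]
        try:
            if body[:5].upper() == "IPV6:":
                ipaddress.IPv6Address(body[5:])
            else:
                ipaddress.IPv4Address(body)
        except ValueError:
            return "invalid"
        return "address-literal"
    return "fqdn" if _FQDN.fullmatch(domain) else "invalid"

def precheck(mailbox, literal_policy):
    """Hypothetical step run before the SPF record lookup.

    literal_policy is 'fail' (first option in the thread) or 'none'
    (second option). Returns (result, reason), or None when the domain
    is an FQDN and the normal DNS lookup should proceed.
    """
    kind = classify_domain(mailbox)
    if kind == "fqdn":
        return None
    if kind == "address-literal" and literal_policy == "none":
        return ("None", "address literal, no SPF record can exist")
    return ("Fail", "malformed domain")
```

With `literal_policy="fail"` a syntactically valid `<user@[1.2.3.4]>` gets the same result as a genuinely broken domain, which is the objection raised in the quoted message.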

