spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [SPF v1 Draft] Last chance before I submit...

2004-10-14 21:36:32
from [Mark Lentczner] [Permanent Link] 
Some points:
* The language in question has been in the drafts I've worked on since at least early July.
* check_host() returning "Fail" with a reason of "Domain Does Not Exist" need not map to rejection if you so wish. Do whatever you like with that result. It can be distinguished from "Fail" with reason "Not Permitted", which is the domain advised forgery case. This is the reason the reason codes exist. (Though I admit that this point may not be as clear in the draft as it could be.)
* Had we not distinguished different "Fail" cases with a reason code, we'd be distinguishing different "None" cases with a reason code, since some people will want to treat the RCODE 3 case differently from the no SPF record case. Or we could have had yet another return code. Technically there is no difference, though once could argue that there is a different implication to the naive user. At over 45 pages, however, this spec should never be implemented by a naive user!
* RCODE 3, commonly called "domain does not exist" or NXDOMAIN, is well defined in RFC 1035, which is normative to the draft.
* RCODE 3 is only returned when there are no records at all for a queried name. If there records for the domain, but just none of the queried type, then RCODE 0 (no error) is returned, and an empty answer section. This later situation does not trigger the "Fail" with reason "Domain Does Not Exist" in check_host().
* It would seem that rejecting mail from domains that have no way to reply to them (having neither A nor MX records) is common practice.
* Back in July I choose to make the check_host() function have a result for all inputs. Hence, there are inputs, such as for domains that don't exist, or for mal-formed domains, or mailboxes that are really address literals, for which I think it is rightly claimed that the SPF test can't even be performed, yet check_host() needed to return something. These are the "Fail" returns with reasons other than "Not Permitted".
* If you don't want to reject messages with null reverse paths that fail the check_host() function with a reason of "Domain Does Not Exist", you can do so. This case is discernible and permitted. (Incidentally, I think this is another nail in the coffin for the null reverse path rule.)
* I don't recall the discussion on #spf, so I can't comment. (Do I sound like Ronald Regan here? I suppose the relevant logs will be supplied soon enough...) 

        - Mark
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [SPF v1 Draft] Last chance before I submit..., Mark Shewmaker
Next by Date:  Re: [SPF v1 Draft] Last chance before I submit..., wayne
Previous by Thread:  [SPF v1 Draft] Last chance before I submit..., Roger Moser
Next by Thread:  Re: [SPF v1 Draft] Last chance before I submit..., wayne
Indexes:  [Date] [Thread] [Top] [All Lists]