spf-discuss

Re: [SPF v1 Draft] Last chance before I submit...

2004-10-15 01:13:02
Mark Lentczner wrote:

check_host() returning "Fail" with a reason of "Domain Does Not
Exist" need not map to rejection if you so wish.  Do whatever you
like with that result.  It can be distinguished from "Fail" with
reason "Not Permitted", which is the domain advised forgery case.
This is the reason the reason codes exist.  (Though I admit that
this point may not be as clear in the draft as it could be.)

What are "reason codes"? When I think codes, I think of regular, or enhanced
SMTP reply codes. In all your examples, only 550 is used:

    550 SPF Mail From check failed: Malformed Domain

    550 SPF Mail From check failed: Domain Does Not Exist

    550-SPF Mail From check failed: Not Permitted
    550-The domain example.com said:
    550 Please see http://www.example.com/mailpolicy.html

"Do whatever you like with that result" is not a statement I fully
understand; a 550 return code can, imho, only lead to one result: REJECT.

Now, in case of NXDOMAIN, is it really always true what it says under "2.4.3
Fail"?

   If the checking software chooses to reject the mail during the SMTP
   transaction, then it MUST use a 550 reply code

Because it appears to me that, in case of NXDOMAIN, a 501 ("Syntax error in
parameters or arguments") error should occur, the way sendmail does, for
instance; it returns an extended code "501 5.1.8", where RFC 1893 defines
X.1.8 as follows:

    X.1.8   Bad sender's system address

        The sender's system specified in the address does not exist
        or is incapable of accepting return mail.

That would be our case where neither A nor MX record exists for a domain.

Earlier I said that the point is probably moot, as most MTAs will already
REJECT such an NXDOMAIN at the gate. Now, in the case of MAIL FROM: <>,
where HELO is used to form a postmaster@HELO address, 550 is in order, as
the supplied "<>" address itself is not a "Bad sender's system address". But
in case the NXDOMAIN appears in MAIL FROM, should not an SPF implementation
respond in kind? With "501 5.1.8", that is.

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
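
The two reply policies discussed in this message, side by side, as an added example that is not part of the original post or of the SPF draft. The function name `fail_reply`, its parameters, the `strict_draft` switch and the HELO wording are assumptions made for illustration.

```python
from typing import List, Optional

# Reason strings exactly as they appear in the draft examples quoted above.
MALFORMED = "Malformed Domain"
NXDOMAIN = "Domain Does Not Exist"
NOT_PERMITTED = "Not Permitted"


def fail_reply(reason: str, identity: str, domain: Optional[str] = None,
               explanation: Optional[str] = None,
               strict_draft: bool = True) -> List[str]:
    """Build the SMTP reply lines for a check_host() "Fail" that is rejected.

    identity is "mailfrom" when the checked domain came from MAIL FROM, or
    "helo" when MAIL FROM was <> and the HELO name was used instead.
    strict_draft=True always answers 550 (the quoted 2.4.3 text);
    strict_draft=False applies the suggestion made in the message:
    501 5.1.8 when the MAIL FROM domain does not exist.
    """
    if reason not in (MALFORMED, NXDOMAIN, NOT_PERMITTED):
        raise ValueError(f"unknown Fail reason: {reason!r}")
    if identity not in ("mailfrom", "helo"):
        raise ValueError(f"unknown identity: {identity!r}")

    code, enhanced = "550", ""
    if not strict_draft and reason == NXDOMAIN and identity == "mailfrom":
        code, enhanced = "501", "5.1.8 "  # RFC 1893 X.1.8, as sendmail replies

    # "SPF HELO check failed" is constructed wording; the draft examples on
    # the page only show the Mail From form.
    label = "Mail From" if identity == "mailfrom" else "HELO"
    lines = [f"SPF {label} check failed: {reason}"]
    if reason == NOT_PERMITTED and domain and explanation:
        # The explanation is text published by the sender's domain: drop
        # control characters so it cannot break the reply framing.
        clean = "".join(c for c in explanation if 32 <= ord(c) < 127)
        lines += [f"The domain {domain} said:", clean]

    # Multi-line replies: "code-" on every line except the last ("code ").
    last = len(lines) - 1
    return [f"{code}{' ' if i == last else '-'}{enhanced}{text}"
            for i, text in enumerate(lines)]


if __name__ == "__main__":
    for line in fail_reply(NOT_PERMITTED, "mailfrom", "example.com",
                           "Please see http://www.example.com/mailpolicy.html"):
        print(line)
    print(fail_reply(NXDOMAIN, "mailfrom", strict_draft=False)[0])
```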