spf-discuss

Re: the Seth Hypothetical

2004-10-22 13:11:41

On Fri, 22 Oct 2004, Commerco WebMaster wrote:

William,

I like this scope idea from a publisher's standpoint, as it tends to avoid 
the issue of having many different versions (v=spfx) of records to support 
(perhaps even concurrently).

Would it also be worth considering that the order of the sc= might serve as 
an order of processing for SPF record processing servers?  That way, if any 
one scope processing implementation conflicts over another, the publisher 
is able to explicitly state their preference by the order of the intended 
behavior for their published records to take place by following the sc= 
list order itself.

That is an interesting idea, however do remember that often when you're 
checking multiple ids, the scope for each id might come from a different 
domain record. So what do you do as far as conflicts between these records
and they have different positions of scoping modifier?

This could be further broadened to recommend the processing server has 
direction as to the final processing result by using the same +/-/~/? 
syntax that is followed in "all".  In instances where a conflict may happen 
by virtue of the published record, the earlier in the list still takes 
precedence, irrespective of the +/-/~/? syntax.  e.g.,

v=spf1 sc=-m,~s,p mx -all  - the record applies for Mail-From, Submit, PRA

but would also mean that the processing order for the above mentioned 
scopes would also be m,s,p and that if -m processing does not pass, the 
whole transaction result is FAIL, whereas the ~s would not do this. 

Again same problem as above. But we should explore the idea further when 
talking about UnifiedSPF. But this also opens big holes that spammers
may be able to explore and generally it may be better if the recipient decides 
what he wants to check and how (but I personally want that standardized
with something like BCP).

Scopes as follows:
 m = rfc2821 mail-from (spf classic)
 h = hello
 s = submit
 i = ip ptr
 p = microsoft pra
After thinking it through I'm going to add two more non-identity scopes
to the above list:
     n = nothing, means don't interpret operators after that. This allows 
         to quickly "comment out" certain part of spf record without
         actually completely deleting it
     a = Any or All. This means that it may match any scope, kind of like *
         Possibly this may be a default if scope is not present

And here is an example with "n" specially for Phillip:

v=spf1 sc=n ?all sc=m mx -all

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
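
The sc= syntax discussed in this message, worked through as an added example (not part of the original post and not code from any SPF implementation). It assumes that an sc= modifier governs the terms that follow it until the next sc=, that terms before any sc= match every scope, that a scope letter without a +/-/~/? prefix defaults to "+", and that "n" disables its whole section; the function names are hypothetical.

```python
QUALIFIERS = "+-~?"
SCOPES = set("mhsipna")  # letters from the list in the message above

def parse_scoped_record(record):
    """Split a record into (scopes, terms) sections.

    scopes maps scope letter -> qualifier, in the order published.
    """
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("not a v=spf1 record")
    # Assumption: terms before any sc= apply to every scope ("a").
    sections = [({"a": "+"}, [])]
    for tok in tokens[1:]:
        if tok.lower().startswith("sc="):
            scopes = {}
            for item in tok[3:].lower().split(","):
                qual, letter = "+", item  # assumed default qualifier
                if item and item[0] in QUALIFIERS:
                    qual, letter = item[0], item[1:]
                if letter not in SCOPES:
                    raise ValueError(f"unknown scope {item!r}")
                scopes[letter] = qual
            sections.append((scopes, []))
        else:
            sections[-1][1].append(tok)
    return sections

def terms_for_scope(record, scope):
    """Return the terms a receiver would evaluate for one identity scope."""
    terms = []
    for scopes, section_terms in parse_scoped_record(record):
        if "n" in scopes:  # "n": section is commented out
            continue
        if scope in scopes or "a" in scopes:
            terms.extend(section_terms)
    return terms

if __name__ == "__main__":
    # Records quoted in the message above.
    for rec in ("v=spf1 sc=-m,~s,p mx -all", "v=spf1 sc=n ?all sc=m mx -all"):
        for scope in "mhsp":
            print(rec, "|", scope, "->", terms_for_scope(rec, scope))
```
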

