spf-discuss

Re: the Seth Hypothetical

2004-10-25 13:09:24

On Fri, 22 Oct 2004 15:33:28 -0600, Commerco WebMaster
<webmaster(_at_)commerco(_dot_)net> wrote:

I liked guy's idea to further qualify ordering of scope with if/then and
boolean logic choices, but I don't really know if that level of flexibility
would be needed for most implementations.  Nevertheless, I like it because
it really does maximize the likelihood that Scope should be able to provide
an absolute publisher intended answer for just about any combination of
scopes thrown at it.

On Mon, 25 Oct 2004, Michael Hammer wrote: 
I like this approach as well. 


Hi guys.  I think I missed something.  Why do scopes have to have an ordering?  
Is this the order you check them, or something else having to do with figuring 
out whether the terms of the SPF record are applied?


By doing this, I think that I have less to maintain because any changes
impact the entire domain and thus I only have to address exceptions when I
might need to make changes to SPF TXT records.  I don't think there is
anything in the specification which precludes doing a redirect= to
something outside from a domain.tld, but I treat my publishing of redirect=
as if that were the case.  If there are no restrictions on redirect= to
send outside of domain.tld for domain.tld records, should there be such a
restriction added?  If this is done, what does doing that break?

My inclination would be to say there shouldn't be a restriction. I
need to do some more thinking on this though.


The ability to redirect to other domains is important for folks who own lots 
of domains.  It allows them to publish redirects on 999 zones and the real 
heart of the SPF policy on just one.

There are other situations where you might use redirect= but this is an 
important one.


With a = Any or All scope, perhaps the age of the specification might
dictate the order of processing (perhaps also the case with default no
scope).  In other words, start with the basic SPF specification and test
forward based upon both what the publisher has published and what the SPF
request processing server has implemented.  ...

If this is the direction that we go then I would propose that the
order that scopes are tested should be the order in which they are
published in a record. A recipient MTA may choose to ignore a
particular scope but the order should not be changed.


This goes to the heart of why ordering creates additional problems.  Let's 
say that the HELO, From: and MAIL FROM all have different domains, and each 
domain's SPF record disagrees about the ordering.  Which one is correctly 
chosen as the first one?  If the first two disagree about which one should be 
third, what do you do?

I think ordering is important for the software writer to think about, but
should NOT be built into the SPF record.  Assume that when processing of a
given SPF record starts, the receiver/parser already has a scope in mind --
our job is only to tell it which parts of the record apply to the "current"
scope, not where to go next.

Does that make sense?


--
Greg Connor
gconnor(_at_)nekodojo(_dot_)org

Everyone says that having power is a great responsibility.  This is a lot
of bunk.  Responsibility is when someone can blame you if something goes
wrong.  When you have power you are surrounded by people whose job it is
to take the blame for your mistakes.  If they're smart, that is. 
                -- Cerebus, "On Governing"
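
The many-zones use of redirect= described in the message above, as an added example that is not part of the original post: a small audit helper that follows redirect= hops to find which domain actually holds the policy. The zone data and function names are constructed for illustration, macros in redirect targets are not handled, and the "all" and hop-limit rules follow RFC 7208, which was published after this thread.

```python
# Constructed sample zone data (not from the thread): TXT records by domain.
ZONES = {
    "brand-001.example": "v=spf1 redirect=_spf.corp.example",
    "brand-002.example": "v=spf1 redirect=_spf.corp.example",
    "_spf.corp.example": "v=spf1 ip4:192.0.2.0/24 mx -all",
    "loop-a.example": "v=spf1 redirect=loop-b.example",
    "loop-b.example": "v=spf1 redirect=loop-a.example",
    "shadowed.example": "v=spf1 a -all redirect=_spf.corp.example",
}
MAX_HOPS = 10  # RFC 7208 limits a check to 10 DNS-querying terms, redirect included


class PolicyError(Exception):
    """Conditions a receiver would report as SPF permerror."""


def redirect_target(record):
    """Return the redirect= domain that takes effect, or None."""
    terms = record.split()[1:]
    targets = [t.split("=", 1)[1] for t in terms if t.lower().startswith("redirect=")]
    if len(targets) > 1:
        raise PolicyError("redirect= appears more than once")
    # An "all" mechanism always matches, so redirect= is never reached.
    has_all = any(t.lstrip("+-~?").lower() == "all" for t in terms)
    return None if has_all or not targets else targets[0].lower()


def effective_policy(domain, zones=ZONES):
    """Follow redirect= hops; return (domain holding the policy, its record)."""
    seen = []
    while True:
        domain = domain.lower()
        if domain in seen:
            raise PolicyError("redirect loop: " + " -> ".join(seen + [domain]))
        seen.append(domain)
        if len(seen) > MAX_HOPS:
            raise PolicyError("too many redirect hops")
        record = zones.get(domain, "")
        if record.lower().split()[:1] != ["v=spf1"]:
            raise PolicyError("no SPF record at " + domain)
        target = redirect_target(record)
        if target is None:
            return domain, record
        domain = target


if __name__ == "__main__":
    for name in ("brand-001.example", "brand-002.example", "shadowed.example"):
        print(name, "->", effective_policy(name))
```

Running it over every zone an organization owns shows which ones really share the central policy and which ones carry a redirect= that is silently ignored or points nowhere.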

