spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Using "v=spf1/scope1,scope2,scope3 " as a scoping syntax

2004-10-31 19:09:09
from [Greg Connor] [Permanent Link] 


--Mark Shewmaker <mark(_at_)primefactor(_dot_)com> wrote:

The upshot of all this is that:

1.  We'd have wiggle-room for people to define a senderID-type PRA
    scope in a separate document, without the need to bump the
    version string.

....

So this is a change in the sense that all libraries would have to be
updated, but not in the sense that it would change the meaning of any
currently-published records or any records that would be published
in the near future.
Well. If all the existing, published, running code has to change, that's a tall barrier. At that point it makes little difference whether you change the number, I think. 



I think this is a better solution than doing scoping with modifiers, as
the latter would either require positional modifiers, (ugh), or it would
require allowing multiple spf records with differing scoping modifiers,
which is not backwards compatible with the current spf libraries that
would see that as duplicate records and return permerror.
I agree that this is (slightly) better than scoping with modifiers, but still has the same problem. We are changing the spec out from under folks who have published working code.
There is really no way to ensure that people won't go an misinterpret your v=spf1 records, or even your spf2.0/scopeA record if they have a scope that was not covered before and they feel it's substantially similar to the scope you are publishing. If asking them politely not to doesn't work, giving them some new feature to the language probably won't work either.
I don't really have a strong preference as to whether scope is a modifier or a macro, but I do have a strong preference to not retroactively change the v=spf1 spec. Whether domain owners have to change, or library writers have to change, or both, it doesn't much matter; we are changing a working, production spec out from under them. Why not just call it spf2 if you are going to change the rules? 



(I do recognize however, that using positional modifiers and a more
difficult-to-read record may allow publishers to put a single
mfrom,pra,helo-scoped set of rules in one record instead of 3,
compressing things such that everything fits in UDP size requirements,
where that might not be possible with multiple TXT records.)

--
Mark Shewmaker
mark(_at_)primefactor(_dot_)com

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta
features SPF and Sender ID. To unsubscribe, change your address, or
temporarily deactivate your subscription,  please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com




--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Re: Moved to SES-DEVEL list, Seth Goodman
Next by Date:  Re: A delightfully novel idea, Greg Connor
Previous by Thread:  Re: Using "v=spf1/scope1,scope2,scope3 " as a scoping syntax, Frank Ellermann
Next by Thread:  A delightfully novel idea, James Couzens
Indexes:  [Date] [Thread] [Top] [All Lists]