spf-discuss

Re: draft-schlitt-spf-01 now available

2004-11-20 01:42:55
wayne wrote:

Even the hints that SPF records must be published for the
domains used in the HELO/EHLO commands were removed.

| Domain owners must publish SPF records for the hosts that
| are used in both the MAIL FROM and HELO identities.

Your old wording was much more accurate (3. and 3.1):

| An SPF record declares which hosts are, and are not,
| authorized to use a domain name for the "HELO" or "MAIL FROM"
| identity.
[...]
| A domain name's SPF record is published in DNS.  The record
| is placed in the DNS tree at the domain name it pertains to.

It's perfectly okay if domain owners publish sender policies
only for domains used in HELO, or only for domains used in
MAIL FROM.  Of course that's only possible if these domains
are different.

The "SHOULD NOT rely on zone cut" is a bad idea; after all the
confusion (James still has a match_subdomains=yes in his text),
this thing needs to be nailed.

What you really want is IMO a "SHOULD publish redundant sender
policies for subdomains used in HELO or MAIL FROM to avoid the
additional DNS lookups for the zone cut" (or similar).

An explanation "the zone cut default does reduce the need" etc.
is then also unnecessary.

IPv4 over IPv6:  Please mention the format; I vaguely recall
that it's trivial.

| During recursion into an "include" mechanism, exp= modifiers
| do not propagate out.  But during execution of a "redirect"
| modifier, the explanation string from the target of the
| redirect is used.

That paragraph was always confusing; IMHO you could delete it.
Especially, there's no "but": an explanation affects only the
final FAIL of the corresponding record.  And a FAIL within an
"include" is never final, because it doesn't match.

Apparently you are determined to define a header.  The LWSP is
better but not good enough:   LWSP  =  *(WSP / CRLF WSP)

That allows something called "obs-FWS" in 2822, or in other
words a *WSP CRLF WSP CRLF WSP with an "almost empty" line
within the header, ugly.

How about replacing all LWSP by your own pretty FWS rule:
FWS = ([*WSP CRLF] 1*WSP)    ; Folding white space

Without the obs-FWS clause in 2822, nobody wants obs-FWS in
new software.  BTW, what's the idea of empty comments "()"?
Maybe use:  comment = smtp-receiver ": " comment-string

In 4.5 the definition of %{d} vs. %{o} after the "zone cut"
case is still unclear, already reported in
<http://article.gmane.org/gmane.mail.spam.spf.discuss/12283>

this document is *not* intended to be an official statement
of what SPF-classic is,

Sure, you'd need "IANA considerations" for the header, and the
consensus was to use the new SPF RR in all examples (hiding
the old TXT RR for various and not only technical reasons).

How is your "slash-magic" supposed to work?  My first guess:

As long as there is a dot (domain-end) or a % (macro-expand)
to the right of a slash (within the same term), this slash is
a part of the domain-spec.  Otherwise it starts a cidr-length.
Or it's a delimiter within macro-expand followed by "}" later.

Is that the moment where I should pray that ICANN never ever
creates a TLD different from your "." 1*ALPHA domain-end, or
is this guaranteed somewhere?  (Apparently not in RfC 1033)

                   Bye, Frank
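The slash heuristic Frank guesses at above (a slash belongs to the domain-spec while a "." or "%" follows it in the same term, or while it sits inside a %{...} macro as a delimiter; otherwise it starts the cidr-length), together with the "." 1*ALPHA domain-end check he questions, as an added Python example that is not part of this post or of any SPF implementation. The function names, the brace tracking for macro-expand and the constructed sample terms are assumptions, not text from the draft.

```python
import re

# dual-cidr-length = [ "/" 1*DIGIT ] [ "//" 1*DIGIT ]
CIDR_RE = re.compile(r'^(?:/(\d{1,2}))?(?://(\d{1,3}))?$')
# domain-end = ( "." toplabel [ "." ] ) / macro-expand, toplabel = 1*ALPHA here
DOMAIN_END_RE = re.compile(r'.*(\.[A-Za-z]+\.?|%\{[^}]*\})$')


def split_domain_spec(term):
    """Split 'domain-spec[/ip4-cidr][//ip6-cidr]' into (domain_spec, ip4, ip6).

    Missing prefix lengths default to 32 (IPv4) and 128 (IPv6).  A slash is
    treated as part of the domain-spec when a '.' or '%' still follows it in
    the term, or when it is a delimiter inside an unclosed %{...} macro.
    Raises ValueError for a malformed or out-of-range cidr-length.
    """
    depth = 0  # nesting of %{ ... }, a slash inside is a macro delimiter
    for i, ch in enumerate(term):
        if ch == '{':
            depth += 1
        elif ch == '}':
            depth -= 1
        elif ch == '/' and depth == 0:
            rest = term[i + 1:]
            if '.' in rest or '%' in rest:
                continue  # still domain text to the right: part of domain-spec
            m = CIDR_RE.match(term[i:])
            if not m:
                raise ValueError('malformed cidr-length: %r' % term[i:])
            ip4 = int(m.group(1)) if m.group(1) else 32
            ip6 = int(m.group(2)) if m.group(2) else 128
            if ip4 > 32 or ip6 > 128:
                raise ValueError('cidr-length out of range: %r' % term[i:])
            return term[:i], ip4, ip6
    return term, 32, 128


def domain_end_ok(domain_spec):
    """True if the domain-spec ends in "." 1*ALPHA [ "." ] or a macro-expand."""
    return DOMAIN_END_RE.match(domain_spec) is not None


if __name__ == '__main__':
    # constructed sample terms, not taken from the draft
    for t in ('example.com/24//64', '%{d}/24', '%{l1r/}.example.com/16'):
        d, ip4, ip6 = split_domain_spec(t)
        print(t, '->', d, ip4, ip6, 'domain-end ok:', domain_end_ok(d))
```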