spf-discuss

Re: Redefine Received-SPF: slightly.

2004-12-04 17:39:05
william(at)elan.net wrote:

Well, perhaps you can lead by example and stop using "xyzzy"
for HELO name (it's not FQDN)....

xyzzy has no dot in it, therefore it's no domain as specified
in 2821.  But that's none of your business, because I do not
use it with third parties, and you won't find a sender policy
for xyzzy.  It's only a stupid MUA, it uses its smart hosts.

BTW, if I'd use sendmail an xyzzy.invalid won't be better ;-)
Even HELO xyzzy.dnsalias.org would be useless with a dyn. IP:
no smtpd, no sender policy, no MX.

[...]
that calls for SCOPE syntax that is compatible with SPF1

Scope syntax is by definition incompatible with v=spf1, we've
already discussed this here, anything allowing to exclude HELO
and/or MAIL FROM in v=spf1 is impossible.

If you need different v=spf1 policies just use a different FQDN
for HELO, something like mail2.your.example below your.example.

But I don't think positional modifiers would break spf1.

A positional only=helo or not=helo breaks v=spf1, because all
existing implementations don't know it and therefore ignore it.

keeping current all v1 implementations still fully compatible
with standard even if they do just Received-SPF or just
Authentication-Results or both

That should be possible, but draft-kucherawy is far from ready.

BTW, our new council just decided to put HELO firmly back into
v=spf1 (as it always was, but lentczner-00 didn't mention it)

Currently SPF2.0 does not exist at all

Meng / Harry / Jim submitted separate drafts after MARID, in
theory it exists.  AOL published spf2.0/pra, and sendmail.inc
tests it.  Whatever that means, maybe collecting hard facts
why PRA is a bad idea (?)

I would argue that it needs to be changed to "MAY" in
sclitt-01 and preferably moved to its own draft text.

ACK, I like both ideas.  For a MAY / SHOULD the ABNF has to be
fixed, and it needs IANA considerations, that's all.  Wasting
weeks with this minor point would be stupid.

Wayne documented how his library works and that happens to be
adding Received-SPF (that does not mean there is a consensus
from SPF Community that it should be used for the future
or be included and be documented in main spf draft)

In my parallel universe Wayne's draft _is_ now the nearest to
"no more bugs" and "common v=spf1 practice".  Received-SPF is
implemented in SA 3.x, isn't it ?  It causes no harm, it's not
important, and with a correct ABNF it won't upset me.

Topics like "zone cut" are much more interesting.  Some VIPs in
CLEAR said that "zone cut" cannot work (but they didn't explain
the details).  When I tried `nslookup -q=ns sub.do.ma.in` this
_apparently_ always worked, but I didn't test it very often.

                            Bye, Frank
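
The point above about a positional only=helo being ignored by existing v=spf1 implementations, as an added example (not code from this thread or from any SPF library): a minimal evaluator covering only the ip4 and all mechanisms that skips modifiers it does not know. The records and addresses are constructed, and only=helo is the hypothetical syntax from the discussion.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample records; 192.0.2.0/24 is a documentation range.
PLAIN = "v=spf1 ip4:192.0.2.0/24 -all"
SCOPED = "v=spf1 only=helo ip4:192.0.2.0/24 -all"  # hypothetical scope modifier


def evaluate_spf1(record, client_ip, identity):
    """Evaluate a tiny v=spf1 subset (ip4 and all mechanisms only).

    identity ("helo" or "mailfrom") is accepted only to show that a legacy
    evaluator has nowhere to use it: one record serves both checks.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        name, sep, _value = term.partition("=")
        if sep and name.replace("-", "").replace("_", "").isalnum():
            # A modifier. Unknown ones are skipped without error, which is
            # why only=helo changes nothing here. (redirect/exp are outside
            # this subset and are skipped as well.)
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech.lower() == "all":
            return QUALIFIERS[qualifier]
        if mech.lower() == "ip4":
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanism not handled by this subset
    return "neutral"


def scope_has_effect():
    """True if only=helo changes any result for either identity."""
    for client_ip in ("192.0.2.10", "198.51.100.7"):
        for identity in ("helo", "mailfrom"):
            if (evaluate_spf1(PLAIN, client_ip, identity)
                    != evaluate_spf1(SCOPED, client_ip, identity)):
                return True
    return False


if __name__ == "__main__":
    print("only=helo changes a result:", scope_has_effect())
```

A publisher who added only=helo expecting MAIL FROM checks to be exempt would still see them fail for hosts outside the listed range.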