In <20041230043515(_dot_)GA14642(_at_)alatheia(_dot_)elm(_dot_)net> Alex van
den Bogaerdt <alex(_at_)ergens(_dot_)op(_dot_)het(_dot_)net> writes:
On Wed, Dec 29, 2004 at 09:21:15PM -0600, wayne wrote:
One of the editing changes I made was to try and carefully go through
the draft and make sure every reference to "host" or "host name" was
really talking about host and not domains. And, similarly, all
references to "domain" or "domain name" are not talking about hosts.
So, this is something that I know I have been confused about before,
and I *thought* I had it figured out. If the wording in the SPF draft
is not right, please let me know.
I think you got it right. The confusion seems to be that host
names supposedly need not be fully qualified domain names.
At least for SMTP this assumption is not valid.
In an earlier post, I mentioned that HELO and MAIL FROM domains are
often not fully qualified and John Martin pointed out that RFC2821
says that they must be. (I haven't doubled checked, but I'm pretty
sure JAM is right.)
I think the confusion on my part is because often MUAs and/or MSAs
allow just local parts, or unqualified domain names.
Technically there can be host names without a dot.
Yeah, and "localhost" is the classic example of a host that has no dot
in it.
I would like to make a couple of suggestions/remarks:
2.1 HELO identity.
After reading the changed text, I wonder if "receiving software"
shouldn't be changed into "SPF client". (I know; I proposed the
current text; sorry)
Yep, thanks for catching that.
Also I wonder if this paragraph needs a (brief) statement about
the SPF publisher which MUST publish a suitable record for HELO.
This to make it absolutely clear that it is NOT optional for
the publisher but only for the client.
I don't think this is a good idea. In theory, a domain owner could
choose to only want to protect the MAIL FROM, or only the HELO, or
maybe only certain HELO identities.
3.1 Publishing, and 4.5 Selecting records.
First of all: I am NOT against finding SPF records at the zone cut.
However, since the purpose of this document is to document the
protocol as defined by earlier drafts, I wonder if zone cuts
belong in this document. I may have overlooked it somewhere...
As I've mentioned before, zone cuts are in spf-draft-200406.
That said, zone cuts are the last major change that has been made to
the SPF spec and they are not widely implemented. I could be talked
out of including them in the spec, but I still think they are a good
idea. The alternative is to require domain owners to publish SPF
record on every host, which sucks.
-wayne