Chris Drake wrote:
If the domain does not exist (NXDOMAIN) an SPF client MUST return
"unknown".
This is the correct behavior. Not all domains are public or in public
DNS's, duplicate lookups don't matter coz of local result caching, and
it's not the job of SPF to decide for the admin what to do with fake
domains - such decisions already exist elsewhere in everything, so
adding it to SPF is bad.
I agree with you. All I was asking for is "good design". SPF already has
some piece of information that is needed in the downstream processing
chain. So communicating it, instead of making that chain look it up
again is poor design.
In fact, as I found out, the new draft, draft-schlitt-spf-classic-00.txt
already addresses this problem, and replaces the "unknown" result,
with "PermError", and recommends ("SHOULD") that email from non-existent
hosts be rejected.
It seems someone else has already noticed this fundamental problem and
fixed it.
Anyway - we all know that SPF should avoid feature-creep and settle
down, stop changing, and "get out there". Every time you update
anything, you turn away loads of people who decide "SPF must be just
another set of unprofessional, dangerous, untested ideas by wannabe
antispammers".
The ASRG is treating it as such, all the current implementations (libspf
and libspf2 alike) have serious flaws, and there is no initiative to set
up a test and certification harness that I know of yet. I'd love to
think SPF is more mature than it is. It's a great idea and has legs, but
it is in its infancy.
We must make the distinction between feature-creep and bug fixes.
Anyway, thank you Mr. Schlitt, the revised draft is a step in the right
direction.
But I'm not clear on one thing: does the Schlitt draft supersede the
Meng draft, are they competing, and what is the status of the group?
What's the intended plan of record as far as standardization of the SPF
protocol?
Regards,
Radu.