spf-discuss

Re: Zonecuts specified in SPF draft

2005-02-24 20:42:50
Julian Mehnle wrote:

 [zone cut]
So we unanimously killed it at the last meeting.

Don't replace it by the CSV-CSA-02 algorithm, that won't work
without an additional op=nosub (exclude subdomains) to skip
labels where an SPF record isn't meant to include subdomains.

Removing the "zone cut" from spf-classic-00 is too much for
any minor "48 hours" changes, so now an spf-classic-01 draft
_is_ necessary.  I've no idea how that works with the IESG
evaluation, but you should probably tell Ted that there will
be a 01 draft soon (?) addressing all 00 issues found so far.

Somewhere Wayne said that he'd like a shorter draft.  A good
candidate for removal is the old optional "overall timeout".

This is just one of many reasons why checkhost() could return an
error, maybe it got a SIGTERM or a malloc failed or whatever else,
such details are just irrelevant for SPF interoperability.
If the error handling allows any local "general failure" to
be reported as TempError it's good enough.

Better server-side wildcard records are the correct solution

ACK, a wildcard MX record or a wildcard A record with an smtpd
needs a corresponding wildcard SPF record.  Like any other FQDN
with an MX or with an IP accepting mail on port 25.  Plus FQDNs
used as HELO.  For other FQDNs "v=spf1 -all" SPF records are
okay but not strictly necessary from the POV of the FQDN owner.

                      Bye, Frank
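
The wildcard point above, as an added example that is not part of the original message: a small audit over a constructed zone that applies simplified RFC 1034 wildcard synthesis and reports names that accept mail but resolve to no SPF record. The zone data, `SMTP_HOSTS`, `PROBES` and all function names are assumptions made for illustration.

```python
# Constructed sample zone (not from the original post); owner -> {type: [rdata]}.
ZONE = {
    "example.org":        {"MX": ["mx.example.org"], "TXT": ["v=spf1 mx -all"]},
    "mx.example.org":     {"A": ["192.0.2.25"], "TXT": ["v=spf1 a -all"]},
    "www.example.org":    {"A": ["192.0.2.80"]},
    "*.example.org":      {"TXT": ["v=spf1 -all"]},
    "*.cust.example.org": {"MX": ["mx.example.org"]},  # wildcard MX, no wildcard SPF
    "*.lab.example.org":  {"MX": ["mx.example.org"], "TXT": ["v=spf1 mx -all"]},
}
SMTP_HOSTS = {"mx.example.org"}  # assumed: names running an smtpd or used as HELO
PROBES = ["example.org", "mx.example.org", "www.example.org",
          "foo.cust.example.org", "bar.lab.example.org"]  # constructed query names

def existing_names(zone):
    """Owner names plus the empty non-terminals they imply."""
    names = set()
    for owner in zone:
        labels = owner.split(".")
        names.update(".".join(labels[i:]) for i in range(len(labels)))
    return names

def lookup(zone, qname, rtype):
    """Simplified RFC 1034 lookup: exact match, else wildcard at the closest encloser."""
    names = existing_names(zone)
    if qname in names:                       # an existing name never gets wildcard data
        return zone.get(qname, {}).get(rtype, [])
    labels = qname.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if parent in names:                  # closest encloser found; stop walking up
            return zone.get("*." + parent, {}).get(rtype, [])
    return []

def is_spf(txt):
    return txt == "v=spf1" or txt.startswith("v=spf1 ")

def audit(zone, smtp_hosts, probes):
    """Names that accept mail (MX, or smtpd/HELO host) but resolve to no SPF record."""
    missing = []
    for q in probes:
        accepts_mail = bool(lookup(zone, q, "MX")) or q in smtp_hosts
        if accepts_mail and not any(is_spf(t) for t in lookup(zone, q, "TXT")):
            missing.append(q)
    return missing

if __name__ == "__main__":
    print(audit(ZONE, SMTP_HOSTS, PROBES))
```

The `*.example.org` SPF record does not cover `foo.cust.example.org`, because the wildcard at the closest encloser `cust.example.org` answers instead and carries only an MX.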


