spf-discuss

For SPF council review: MUST accept source routes

2005-05-05 23:10:28
wayne wrote:

feel free to submit whatever you want.  The council has,
at various times, shown they can vote pretty quickly.  ;-)

Sigh.  Proposed change (copied from my original -01pre2 report)

- Care must be taken to correctly extract the <domain> from the
- <sender> as many MTAs will still accept such things as source routes
- (see [RFC2821] appendix C), the %-hack (see [RFC1123]) and bang paths
- (see [RFC1983]).  These archaic features have been maliciously used
- to bypass security systems.
+ Care must be taken to correctly extract the <domain> from the
+ <sender> as MTAs must still accept source routes (see [RFC2821]
+ appendix C). Source routes and the %-hack (see [RFC1123]) have
+ been maliciously used to bypass security systems.
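Review bot: The replacement text on the "+" lines names source routes and the %-hack as the extraction hazards, but says nothing about an "@" inside a quoted-string local part, which rationale item 3 below identifies as the actual difficulty; consider adding that case to the sentence. The lowercase "must" in "as MTAs must still accept source routes" is also ambiguous next to the subject line's "MUST": if it restates the RFC 2821 requirement rather than adding an SPF one, wording such as "as [RFC2821] requires MTAs to accept source routes" would make that clear. The text also does not say which part of a source-routed <sender> supplies the <domain>.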

Rationale:

1) bang paths are irrelevant (not only for SPF) for SMTP
2) The %-hack is irrelevant (not only for SPF) after RfC 2821
3) Extracting a domain from <local@domain> is no rocket science,
   if there's any problem then it's about "@" in quoted-string,
   not about ! or %, e.g. MAIL FROM:<"some@where"@example.com>
4) Source routes MUST be accepted as per STD 10 and RfC 2821.

SPF is not the place to propose that some MTAs might wish to
reject all source routes in violation of STD 10 and RfC 2821.

I read "many still accept" = "some already reject".  Bye, Frank
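The extraction problem discussed in this message, as an added example that is not part of the original post or of any SPF implementation: a Python sketch that takes the <domain> from a reverse-path while skipping an RFC 2821 source route and honouring a quoted-string local part, next to a naive split for contrast. The function names and sample paths are constructed for illustration, and address-literal domains such as `[192.0.2.1]` are assumed out of scope and rejected.

```python
import re

_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_DOMAIN = rf"{_LABEL}(?:\.{_LABEL})*"
# Source route prefix from RFC 2821 appendix C: "@a,@b:" in front of the mailbox.
_ROUTE = re.compile(rf"@{_DOMAIN}(?:,@{_DOMAIN})*:")
_DOMAIN_RE = re.compile(_DOMAIN)


def naive_domain(path):
    """Fragile approach shown for contrast: take what follows the first "@"."""
    return path.strip("<>").split("@")[1]


def extract_domain(path):
    """Return the lower-cased <domain> of a reverse-path, None for the null path <>."""
    if len(path) < 2 or path[0] != "<" or path[-1] != ">":
        raise ValueError("reverse-path must be enclosed in <>")
    inner = path[1:-1]
    if inner == "":
        return None
    route = _ROUTE.match(inner)
    if route:
        inner = inner[route.end():]  # ignore the route, keep the final mailbox
    if inner.startswith('"'):
        # Quoted-string local part: scan to the closing quote, honouring "\" pairs.
        i = 1
        while i < len(inner) and inner[i] != '"':
            i += 2 if inner[i] == "\\" else 1
        if i >= len(inner):
            raise ValueError("unterminated quoted-string")
        rest = inner[i + 1:]
    else:
        # A dot-string local part cannot contain "@"; "!" and "%" are ordinary characters.
        at = inner.find("@")
        if at <= 0:
            raise ValueError("missing local part or domain")
        rest = inner[at:]
    if not rest.startswith("@") or not _DOMAIN_RE.fullmatch(rest[1:]):
        raise ValueError("malformed domain")
    return rest[1:].lower()


# Constructed sample reverse-paths (not taken from real traffic).
SAMPLES = ['<@relay1.example,@relay2.example:user@example.com>',
           '<"some@where"@example.com>', '<user%other.example@example.com>', '<>']

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", extract_domain(sample))
```
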