spf-discuss

Re: The (almost) final SPFv1 spec: draft-schlitt-spf-classic-01pre5

2005-05-07 18:33:43

Wayne Schlitt wrote:
> I have just released a newer version of the SPF Internet-Draft.

Attached are some more minor amendments to -01pre5.  See the inline 
comments.

Besides, I found two issues I could not directly turn into patches:

1) Section 2.4, "Checking Authorization":

| While invalid, malformed, or non-existent domains cause SPF checks to
| return "none" because no SPF record can be found, it has long been
| the policy of many MTAs to reject e-mail from such domains,
| especially in the MAIL FROM.  In order to prevent the circumvention
| of SPF records, rejecting e-mail from invalid domains should be
| considered.

What SPF records could be circumvented by using invalid domains in any of 
the identities?  IMO that doesn't make sense.  The only "exploit" I can 
see in this is a way to avoid a "None" result due to the use of a 
non-SPF-equipped domain, and instead get a "None" result due to the use of 
an invalid (invalid or non-existent) domain.  Big deal.  (The entire issue 
of how to handle SPF(non-existent-domain) is still not really resolved 
anyway.)

2) Section 12.2, "The Received-SPF mail header":

| Per [RFC3864], the "Received-SPF:" header field is added to the IANA
| Permanent Message Header Field Registry.  The following is the
| registration template:
| 
|    Header field name: Received-SPF
|    Applicable protocol: mail
|    Status: standard
|    Author/Change controller: wayne(_at_)schlitt(_dot_)net
|    Specification document(s): this Internet Draft
|    (Note to RFC Editor: Replace this with RFC YYYY (RFC number of
|    this spec))
|    Related information: http://spf.mehnle.net/

I guess this registration template is still in its infant stages, right?  
If not: what's the point of referring to http://spf.mehnle.net here?

Attachment: draft-schlitt-spf-classic-01pre5+mehnle.xml.diff
Description: Text Data
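
Added example (not part of the original message or of the draft): a sketch of the distinction raised under point 1, where a malformed domain, a non-existent domain and a domain without an SPF record all give the SPF result "none", while rejecting the first two is a separate local MTA policy. The zone data, the function names, the simplified syntax check and the `reject_invalid` switch are assumptions made up for illustration.

```python
import re

# Constructed sample DNS data (no real lookups): domain -> TXT strings.
# A missing key stands for a non-existent domain (NXDOMAIN).
SAMPLE_ZONE = {
    "example.com": ["v=spf1 mx -all"],
    "nospf.example": ["some unrelated text record"],
}

# Simplified label syntax (assumption): 1-63 chars, no leading/trailing hyphen.
LABEL = re.compile(r"^[A-Za-z0-9_]([A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?$")


def domain_status(domain, zone=SAMPLE_ZONE):
    """Return 'malformed', 'nonexistent', 'no-record' or 'record'."""
    name = domain[:-1] if domain.endswith(".") else domain
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        return "malformed"
    txt = zone.get(name.lower())
    if txt is None:
        return "nonexistent"
    if not any(t == "v=spf1" or t.startswith("v=spf1 ") for t in txt):
        return "no-record"
    return "record"


def spf_result(domain, zone=SAMPLE_ZONE):
    """SPF-level outcome: every case without a usable record is 'none'.

    'evaluate' is a placeholder meaning the record would now be processed.
    """
    return "evaluate" if domain_status(domain, zone) == "record" else "none"


def mta_decision(mail_from_domain, zone=SAMPLE_ZONE, reject_invalid=True):
    """Local MTA policy layered on top of SPF (hypothetical policy switch)."""
    status = domain_status(mail_from_domain, zone)
    if reject_invalid and status in ("malformed", "nonexistent"):
        return "reject"
    return "continue"


if __name__ == "__main__":
    for d in ("example.com", "nospf.example", "bad..example", "does-not-exist.example"):
        print(d, domain_status(d), spf_result(d), mta_decision(d))
```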