spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: NONE vs. PermError

2005-05-08 09:08:31
from [Julian Mehnle] [Permanent Link] 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frank Ellermann wrote:

Julian Mehnle wrote:

The entire issue of how to handle SPF(non-existent-domain) is still not
really resolved anyway. 


[...]
SPF is checkhost( in LHS, in RHS, in IP, out result ) and not restricted
to "valid RHS", BTW, how do you define "valid RHS" ?  [...]
No domain literal as RHS is clear, but you also have a concept of
"existig RHS", but what's an existing RHS ?  Something with an A, AAAA,
MX, or alias probably, what else ? 


The meaning of "non-existent domain" (AKA RCODE 3) is well-defined, isn't 
it?


And why should SPF be restricted to these cases, it's only interested in
those RHS with a SPF sender policy, anything else is NONE, ready.


Counter question: why should SPF be concerned with non-existent or 
syntactically invalid domains?  I don't see what the point of that could 
_possibly_ be.

The information-theoretical answer to your question is: giving "None" for 
non-existent or syntactically invalid domains means losing information 
because the caller of SPF() then cannot distinguish these cases from the 
cases where the domain was valid but really did not have an SPF record -- 
but this is _relevant_ information.  Viewed in reverse, it means 
overloading the regular meaning of "None" with an exceptional meaning.


Adding an artificial -q=any before SPF only to turn these NONEs into
PermErrors within SPF is a waste of time. 


You don't need to do an "any" query to get an RCODE of 3.


[...] what's the point of referring to http://spf.mehnle.net [from
the "Received-SPF:" header registration template]? 


The SPF Council is responsible for SPF related issues, you've just
unilaterally and unanimously extended its term of office until November.


This decision was far from unilateral.


This is just the URL of the SPF Council, what else should it be ?  For
spf2.0 I'd propose spf.pobox.com [...]


Why not http://spf.pobox.com for SPFv1?

Look, I'm not trying to prevent http://spf.mehnle.net from being used in 
this template, I'm just trying to understand Wayne's reasons.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCfjl/wL7PKlBZWjsRAgmYAJ4wUzZhT+pUNVkqSpcQ7HtfEgX2CQCg/Wuc
KX/Ce5vcu6G9ZcZ+lbiTQZQ=
=Aiua
-----END PGP SIGNATURE-----
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Re: For SPF council review: NOT RECOMMENDED, wayne
Next by Date:  Re: trusted-forwarder trouble, wayne
Previous by Thread:  NONE vs. PermError (was: The (almost) final SPFv1 spec: draft-schlitt-spf-classic-01pre5), Frank Ellermann
Next by Thread:  Re: NONE vs. PermError, Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]