spf-discuss

Re: NONE vs. PermError

2005-05-08 18:27:49
Julian Mehnle wrote:
 
The meaning of "non-existent domain" (AKA RCODE 3) is
well-defined, isn't it?

And you get it with say nslookup -q=txt foo.bar.  You can get
it with any query, but within check_host() we're interested in
a q=txt, so this one query is good enough to get check_host()
started.  Actually two queries with q=spf first.
 
why should SPF be concerned with non-existent or
syntactically invalid domains?

It's not, it just returns NONE, interpreted by the caller,
e.g. NONE -> PERMERROR for a missing include.  The - as you
say - lost information why this include didn't work, domain not
found or missing SPF policy, is irrelevant at this point.

"None" for non-existent or syntactically invalid domains
means losing information because the caller of SPF() then
cannot distinguish these cases

That's true, but at the moment we have "NONE => forget it" and
"PermError => reject 55x 5.x.x".  You probably don't propose
to reject domain literals.  When I try `nslookup localhost.`
(note the dot) I get 127.0.0.1 (depending on the name server),
`nslookup so.` says 127.0.0.2, and for ai I get 209.88.68.34  

And so on, there are many wild and wonderful cases.  But from
SPF's POV that's all irrelevant, no policy => NONE, let the
caller decide what to do.

this is _relevant_ information.

Yes, what exactly do you plan to do with these new PermErrors ?
An additional query _before_ check_host() only to avoid them
would be worse than pointless.

So apparently you want to say "bad domain => reject MAIL FROM".
That's a bad idea for domain literals, so you'd always have
that special case.  But maybe your idea is simpler elsewhere.

What's with MAIL FROM:<> HELO omi.god ?  Just reject it with a
PermError, is that your idea ?  While that might be a minor
change from your theoretical POV, it's a major change from an
editorial POV, and it also changes the SPF interface for users
drastically.  Who's gonna convince say James to implement it ?

It also changes the definition of NONE drastically.  Yes, you
say "sharpens", yes, this could be very useful, but is it still
documenting "classic SPF" as all understood it in May 2004 ?

You don't need to do an "any" query to get an RCODE of 3.

ACK, that was nonsense, I forgot to check the visible nslookup
behaviour, it's just any querytype, not only -querytype=any.

you've just unilaterally and unanimously extended its term
of office until November.
 
This decision was far from unilateral.

Let's say it wasn't your "community vote" experiment, and I
certainly didn't ask for it, quite the contrary.  But that's
only my personal position, I doubt that it's Radu's position.
 
Why not http://spf.pobox.com for SPFv1?

That would be correct for spf2.0, but it's not yet for v=spf1.

"Sender Policy Framework an essential part of Sender-ID".  I'd
have major difficulties to _find_ Wayne's draft on these pages.
Yes, it's there, somewhere below spf2.0 and draft-lentczner an
obscure "SPF classic" is mentioned.  Nothing about the Council.

Look, I'm not trying to prevent http://spf.mehnle.net from
being used in this template, I'm just trying to understand
Wayne's reasons.

I proposed this template nine weeks ago, your site simply _is_
the SPF Council site, it works with my browser, it's nice, it
talks about Wayne's draft, not spf2.0 / Sender-ID.  Bye, Frank