spf-discuss

Re: For SPF council review: NOT RECOMMENDED

2005-05-09 02:01:41

On Sat, 7 May 2005, Scott Kitterman wrote:

"Checking other identities against SPF records is NOT RECOMMENDED because there are cases (e.g. Section 9.3) that are known to give incorrect results."

"If other identities are checked against SPF version 1 [I think this is the change Wayne said he already made] records, then that check MUST produce the same result as checks described in this draft."

It's not a bad line of thought, but I'm afraid that unless it's the same identity you really can't expect to have it produce the same results
(OK, you can if you use equivalence modifiers).

On this topic, I do agree that our existing language may be a little too harsh and too wide. While we should not allow somebody to use existing spf1 records for something else without the record holder having agreed to it,
I do think that if the record holder opts in to other use of the same
record, that is OK to allow (this could involve modifiers to indicate
policy to approve other use of the record, or could involve local
agreement between policy sender and recipient, i.e. for use of spf1 records as a local whitelist but for different identities). Maybe
something like this may work:

--
"Without explicit approval of record owner, checking other identities against v=spf1 records is NOT RECOMMENDED, because there are cases
(e.g. Section 9.3) that are known to give incorrect results."
--

Also, is it possible to change the name of the SPF check_host() function
argument from <sender> to <address> or some other neutral word? It creates less confusion because for identities like "HELO" it's not really the sender but just an identity address, and <domain> is the domain portion of that address.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net