On Tue, 10 May 2005, Frank Ellermann wrote:
> Julian Mehnle wrote:
>> how is "op=2822from" any better than "addl-scopes=2822from"?
>> Or, how is "op=2822from.pra" any better than
>> "addl-scopes=2822from,pra"? (Except for being slightly
>> shorter.)
> Shorter is one of the reasons. Trying to summarize several
> hundreds if not more of articles here is a second reason.

Since there are people here who are interested in discussing scoping,
I'd like to propose the syntax for it, which I've worked out over the last
few months (it is going to be published as part of my future draft but
can be published as a separate document just for scoping).

The syntax (based on my equivalence ideas) is very short for just saying
the scope has the same info as the default v=spf1 mailfrom scope or that it
has no data, and allows for multiple scopes to be handled together like
Frank wants. At the same time it allows for extended use to handle complex
situations.

The ABNF is as follows:
----------------------------------------------------------------------
scope-modifier = "sc." scope-list "=" scope-info
scope-list = scope-name *("." scope-name)
scope-name = 1*(alphanum / "-" / "_")
scope-info = none-oper / scope-operator *("," scope-operator)
none-oper = "no"
scope-operator = equiv-operator / spf-lookup-oper / unknown-oper
unknown-oper = macro-string
equiv-operator = ema-oper / dom-oper / net-oper
ema-oper = "ema" [ "." scope-name ]
dom-oper = "dom" [ "." scope-name ] [ eq-domains-list ]
net-oper = "net" [ "." scope-name ] [ eq-domains-list ]
eq-domains-list = "(" domain / domains-list ")"
domains-list = *("," domain)
spf-lookup-oper = "spf(" vers-prefix ["," macro-string] ")"
vers-prefix = *(name / delimiter)
----------------------------------------------------------------------

Here are some simple format examples with "example" scoping identity:

sc.example=no  <==== This domain being queried is never used with example
                     identity (way of saying "-all" but just for that scope)

sc.example=ema <==== [EMA = Equivalent Mail Address]
                     This means that all source systems enforce rules
                     so that Example Identity address is always equivalent
                     to SMTP2821 MAIL FROM (default) identity

sc.example=dom <==== [DOM = Equivalent Domain]
                     This means that all source systems enforce rules
                     so that an Example Identity would have an address in
                     same domain as SMTP2821 MAIL FROM (default) identity

sc.example=net <==== [NET = Equivalent Network]
                     This means that Example Identity would have
                     sources in same networks as MAIL FROM identity
                     (this is basically what PRA presumes by default)

sc.example=spf('spf2.0/exa') <=== Do spf-style lookup using record in
                                  separate text or spf dns record which
                                  has a prefix of "spf2.0/exa"

Note: The prefix name is arbitrary and is not otherwise defined by
spf official documentation. The data in prefix must be conforming
to spf1 syntax and prefixes must not start with "v=spf" other than in the
case of "v=spf1", to allow for future spf versions.

Here is a much more complex syntax with two scopes (example1 & example2),
which references the record for a third (submit) scope:
example.com. IN SPF "v=spf1 ip4:192.168.0.0/24 -all sc.submit=net \
sc.example1.example2=net.submit(,example.net),spf('spf2.0/pra',_spf)"
The above says that two scopes example1 & example2 have sources in the
same networks as sources of submit scope for example.com (this is because
you see "net(,example.net)" so if it starts with "," it means the example.com
spf1 record defined networks are to be used, i.e. same as just "net") OR
submit scope for example.net domains OR that of special record defined in
spf record with version "spf2.0/pra" of _spf.example.com domain.

For situations where you want multiple scopes to have one common part of
the same spf record but also have smaller unique parts, the proposed
syntax allows doing it with no extra lookups and without having to
duplicate the shared portion:
example.com. IN SPF "v=spf1
sc.example1=spf('x-spf/shared'),spf('x-spf/example1')
sc.example2=spf('x-spf/shared'),spf('x-spf/example2')"
example.com. IN SPF "x-spf/shared ip4:192.168.0.0/20 -all"
example.com. IN SPF "x-spf/example1 ip4:127.0.0.1 -all"
example.com. IN SPF "x-spf/example2 ip4:127.0.0.2 -all"

Please comment on whether you think this is acceptable for scoping needs or
if it needs more work.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
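
The following sketch is an added example, not part of the original post: a small Python parser for the proposed "sc." modifier, run against the two-scope record above. The function names are hypothetical, and it assumes what the prose and examples show rather than the strict ABNF (quoted prefixes inside spf(...), and an empty domain-list entry meaning the queried domain).

```python
import re

SCOPE_NAME = re.compile(r"[A-Za-z0-9_-]+\Z")
OPERATOR = re.compile(r"(?P<head>[^()]+?)(?:\((?P<args>.*)\))?\Z")

def split_top_level(text):
    """Split scope-info on commas that are not inside parentheses."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(text):
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            parts.append(text[start:i])
            start = i + 1
    if depth != 0:
        raise ValueError("unbalanced parentheses in scope-info")
    return parts + [text[start:]]

def parse_operator(token, queried_domain):
    m = OPERATOR.match(token)
    if not m:
        raise ValueError(f"malformed scope-operator: {token!r}")
    (name, _, ref), args = m.group("head").partition("."), m.group("args")
    if name in ("ema", "dom", "net") and (not ref or SCOPE_NAME.match(ref)):
        # Per the post, an empty entry as in "(,example.net)" = queried domain.
        domains = None if args is None else [
            d.strip() or queried_domain for d in args.split(",")]
        return {"op": name, "scope": ref or None, "domains": domains}
    if name == "spf" and not ref and args is not None:
        prefix, _, target = args.partition(",")
        # Quotes around the prefix appear in the examples, not in the ABNF.
        return {"op": "spf", "prefix": prefix.strip().strip("'"),
                "target": target.strip() or None}
    return {"op": "unknown", "raw": token}  # unknown-oper: kept verbatim

def parse_record(record, queried_domain):
    table = {}  # scope name -> list of parsed operators
    for term in record.split():
        if not term.startswith("sc.") or "=" not in term:
            continue  # ordinary spf1 mechanism or modifier
        names, info = term[3:].split("=", 1)
        if not all(SCOPE_NAME.match(s) for s in names.split(".")):
            raise ValueError(f"bad scope-list: {names!r}")
        ops = [{"op": "no"}] if info == "no" else [
            parse_operator(t, queried_domain) for t in split_top_level(info)]
        table.update(dict.fromkeys(names.split("."), ops))
    return table

RECORD = ("v=spf1 ip4:192.168.0.0/24 -all sc.submit=net "
          "sc.example1.example2=net.submit(,example.net),spf('spf2.0/pra',_spf)")
```

Calling parse_record(RECORD, "example.com") yields one entry per scope, with example1 and example2 sharing the same operator list.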