spf-discuss

Re: Scoping Syntax for spf1 records

2005-05-10 05:26:23
william(at)elan.net wrote:

sc.example=no  <==== This domain being queried is never used
                     with example identity (way of saying
                     "-all" but just for that scope)

That's like op=nohelo in the case of a "HELO identity".

sc.example=ema <==== [EMA = Equivalent Mail Address]
                     This means that all source systems
                     enforce rules so that Example Identity
                     address is always equivalent to SMTP2821
                     MAIL FROM (default) identity

No idea what you're talking about.  You need an enumeration of
"scopes" or "identities", and how they are determined.  What
is a sc.helo=ema or a sc.mfrom=ema ?  (Assuming that "mfrom" is
what I think it could be)

sc.example=dom <==== [DOM = Equivalent Domain]
                     This means that all source systems
                     enforce rules so that an Example Identity
                     would have an address in same domain as
                     SMTP2821 MAIL FROM (default) identity

So sc.helo=dom could mean that MAIL FROM:<user@an.example>
always comes from a HELO an.example ?  And sc.mfrom=dom would
be bogus, because that's obvious ?  Maybe mfrom is not what
you have in mind, 

sc.example=net <==== [NET = Equivalent Network]
                     This means that Example Identity would
                     have sources in same networks as MAIL
                     FROM identity (this is basically what PRA
                     presumes by default)

That's PRA ?  Where ?  And why is it better than an op=pra ?

sc.example=spf('spf2.0/exa') <=== Do spf-style lookup using
                     record in separate text or spf dns record
                     which has a prefix of "spf2.0/exa"

Oops, is that stuff about spf2.0 ?  Then I won't discuss it at
the moment, I'm preparing for a war aka "last call schlitt".

But spf2.0 certainly allows spf2.0/mfrom,exa for all defined
values of exa, i.e. pra, submit, (undocumented) helo, and more
on demand.

example.com. IN SPF "v=spf1
  sc.example1=spf('x-spf/shared'),spf('x-spf/example1')
  sc.example2=spf('x-spf/shared'),spf('x-spf/example2')"
example.com. IN SPF "x-spf/shared ip4:192.168.0.0/20 -all"
example.com. IN SPF "x-spf/example1 ip4:127.0.0.1 -all"
example.com. IN SPF "x-spf/example2 ip4:127.0.0.2 -all"

That gives you the default ?all with v=spf1 implementations.

What's the point, saving a query in a backwards compatible
"version 3" implementation ?  The "hunting for records"
issue ?  But you get _all_ SPF records for a q=spf, there's
no need to squeeze completely new concepts behind a "v=spf1",
and you could also use the spf2.0 positional parameter style:

"spf3.0/example1,example2 ip4:192.168.0.0/20
 ip4:127.0.0.1 only=example1 ip4:127.0.0.2 only=example2 -all"

Shorter and all in one record.  Note spf3.0, stuff like "only="
can't be added to spf2.0, same problem as stated in the "op="
memo.  Of course spf3.0 can do whatever it wishes, e.g. use
your syntax.  But this is not the time to discuss spf3.0 or
scopes or fantasy identities like submit or weird "op=" stuff
for the 1000 and first time.  It's the time to get an RfC for
v=spf1 as is.  More precisely it's one year after this time.

                    Bye, Frank
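
The remark above that the four-record proposal yields "the default ?all with v=spf1 implementations" can be reproduced with a minimal v=spf1 evaluator. This is an added example, not code from the thread or from any SPF library; the function names `select_v1` and `check_host_v1` are assumptions, and only the `ip4` and `all` mechanisms are handled.

```python
import ipaddress
import re

# Modifier grammar in v=spf1: name "=" value; the name may contain dots.
MODIFIER = re.compile(r"^([A-Za-z][A-Za-z0-9._-]*)=(.*)$")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed input: the four records from the message, whitespace collapsed.
RRSET = [
    "v=spf1 sc.example1=spf('x-spf/shared'),spf('x-spf/example1')"
    " sc.example2=spf('x-spf/shared'),spf('x-spf/example2')",
    "x-spf/shared ip4:192.168.0.0/20 -all",
    "x-spf/example1 ip4:127.0.0.1 -all",
    "x-spf/example2 ip4:127.0.0.2 -all",
]

def select_v1(rrset):
    """Keep only records whose version term is exactly v=spf1."""
    return [r for r in rrset if r.split(" ", 1)[0].lower() == "v=spf1"]

def check_host_v1(rrset, client_ip):
    """Return (result, ignored modifier names) for ip4/all-only records."""
    records = select_v1(rrset)
    if len(records) != 1:
        return ("permerror" if records else "none"), []
    ip, ignored = ipaddress.ip_address(client_ip), []
    for term in records[0].split()[1:]:
        m = MODIFIER.match(term)
        if m:
            name = m.group(1).lower()
            if name == "redirect":
                raise NotImplementedError("redirect= is not handled in this example")
            if name != "exp":
                ignored.append(name)  # unknown modifiers are skipped, not errors
            continue
        qualifier = QUALIFIERS.get(term[0])
        name, _, arg = (term[1:] if qualifier else term).partition(":")
        result = qualifier or "pass"
        if name.lower() == "all":
            return result, ignored
        if name.lower() != "ip4":
            raise NotImplementedError(f"mechanism {name!r} not handled here")
        if ip in ipaddress.ip_network(arg):
            return result, ignored
    return "neutral", ignored  # no mechanism matched: same as "?all"

if __name__ == "__main__":
    print(check_host_v1(RRSET, "192.168.1.1"))
```

A receiver that only implements v=spf1 therefore gets no authorization data at all from such a record set: every client address evaluates to neutral, including those listed in the `x-spf/...` records.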