spf-discuss
[Top] [All Lists]

New SPFv1 spec: draft-schlitt-spf-classic-01pre6

2005-05-13 15:33:24


As expected, the last 20% of the SPF spec is taking the other 80% of
the time.  We still haven't had any rulings from the council on any of
the issues yet, but we have had a lot of suggested changes, so I think
it is time to put out a new release.

So far, I know of the following requests for council rulings have been
submitted:

(ScottK)  For SPF council review: Syntax error = Perm error = Message
          should be rejected?
(FrankE)  For SPF council review: MUST accept source routes
(ScottK)  For SPF council review: NOT RECOMMENDED
(ScottK)  For SPF council review: Definition of PASS, Policy for
          shared MTAs

Other than Frank's request, I think I have addressed all of the rest,
at least indirectly.  I don't consider these close, but if people
think the changes I've made are good enough, please let me know.


The drafts are in the same place as last time:

http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01pre6.html
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01pre6.txt
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01pre6.nr
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01pre6.xml

A diff and a wdiff between this version and the previous version
(-01pre5) can be found at: 

http://www.schlitt.net/spf/spf_classic/changes_from_draft-schlitt-spf-classic-00.xml.diff.txt
http://www.schlitt.net/spf/spf_classic/changes_from_draft-schlitt-spf-classic-00.xml.wdiff.txt


Changes from -01pre5:

* I am now using the beta release of xml2rfc-1.30pre2 and some of the
  XML changes I did earlier have been restored.  Keep your eye out for
  formating ugliness that I missed.

* lots of grammar/spelling errors fixed

* In mengwong-spf-0[01], there was a RECOMMENDED algorithm for dealing
  with HELO and MAIL FROM checks.  In restoring HELO checking to
  lentczner-spf-00, I copies some, but not all of this algorithm.  As
  part of the "HELO vs MAIL FROM" discussion, I have removed the
  remains of this algorithm.  It is now up to the receiver's policy
  as to how to combine the results.

* The infamous "NOT RECOMMENDED" sentence about using other identities
  with SPF records has been changed to a more descriptive paragraph.

* "PermError" no longer says that the email SHOULD be rejected, but
  rather that it SHOULD be treated similar to SoftFail.

* The references to ABNF rules defined in other RFCs has been fixed to
  validate.

* A couple of IP addresses and host names were changed to the ones you
  are supposed to use in RFCs

* Receive-SPF headers ABNF have been updated to require whitespace in
  places where it is needed.

* Received-SPF headers now have a scope= key-value pair

* Received-SPF headers are noted to be useful for each identity that
  you check.

* The Security Considerations sections have been re-ordered

* A Cross-user Forgery section has been added to the Security
  Considerations.


-wayne