As expected, the last 20% of the SPF spec is taking the other 80% of
the time. We still haven't had any rulings from the council on any of
the issues yet, but we have had a lot of suggested changes, so I think
it is time to put out a new release.
So far, I know of the following requests for council rulings have been
submitted:
(ScottK) For SPF council review: Syntax error = Perm error = Message
should be rejected?
(FrankE) For SPF council review: MUST accept source routes
(ScottK) For SPF council review: NOT RECOMMENDED
(ScottK) For SPF council review: Definition of PASS, Policy for
shared MTAs
Other than Frank's request, I think I have addressed all of the rest,
at least indirectly. I don't consider these close, but if people
think the changes I've made are good enough, please let me know.
The drafts are in the same place as last time:
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01pre6.html
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01pre6.txt
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01pre6.nr
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01pre6.xml
A diff and a wdiff between this version and the previous version
(-01pre5) can be found at:
http://www.schlitt.net/spf/spf_classic/changes_from_draft-schlitt-spf-classic-00.xml.diff.txt
http://www.schlitt.net/spf/spf_classic/changes_from_draft-schlitt-spf-classic-00.xml.wdiff.txt
Changes from -01pre5:
* I am now using the beta release of xml2rfc-1.30pre2 and some of the
XML changes I did earlier have been restored. Keep your eye out for
formating ugliness that I missed.
* lots of grammar/spelling errors fixed
* In mengwong-spf-0[01], there was a RECOMMENDED algorithm for dealing
with HELO and MAIL FROM checks. In restoring HELO checking to
lentczner-spf-00, I copies some, but not all of this algorithm. As
part of the "HELO vs MAIL FROM" discussion, I have removed the
remains of this algorithm. It is now up to the receiver's policy
as to how to combine the results.
* The infamous "NOT RECOMMENDED" sentence about using other identities
with SPF records has been changed to a more descriptive paragraph.
* "PermError" no longer says that the email SHOULD be rejected, but
rather that it SHOULD be treated similar to SoftFail.
* The references to ABNF rules defined in other RFCs has been fixed to
validate.
* A couple of IP addresses and host names were changed to the ones you
are supposed to use in RFCs
* Receive-SPF headers ABNF have been updated to require whitespace in
places where it is needed.
* Received-SPF headers now have a scope= key-value pair
* Received-SPF headers are noted to be useful for each identity that
you check.
* The Security Considerations sections have been re-ordered
* A Cross-user Forgery section has been added to the Security
Considerations.
-wayne