spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

IPv6 / a+ip6 (Was: Re: New SPFv1 spec: draft-schlitt-spf-classic-01pre7)

2005-05-18 01:36:58
from [Jeroen Massar] [Permanent Link] 
On Wed, 2005-05-18 at 00:02 -0500, wayne wrote:

<SNIP>


The drafts are in the same place as last time:

http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01pre7.html
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01pre7.txt
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01pre7.nr
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01pre7.xml


Section 5.3. "a", does this "ip address" include both IPv4, IPv6 and
maybe anything else that will come, aka thus this force SPF checkers to
check both A and AAAA at the moment?

Section 5.6. "ip4" and "ip6", mentions:

8<--------------------
ip6-network      = <as per [RFC 3513], section 2.2>
          ; e.g. 2001:DB8::CD30
--------------------->8

Which would be ambigous imho, as you need to write: "ip6:2001:db8::cd30", thus 
if
somebody writes some silly parser, simply cutting per ":", eg split first on 
space
and then on ":", which is indeed quite silly, would mess up this format.
Would it not be better to write: "ip6:[2001:db8::cd30]/30", which is the IPv6
literal syntax (RFC2732). My silly ":" split argument goes for this one too, but
at least this should be a little less ambiguous when reading as a human.

Currently for me, where I usually sent most mail over IPv6 would be (for 
unfix.org):
"v=spf1 ip6:2001:7b8:20d::/48 -all"
or somewhat more relaxed:
"v=spf1 a mx ptr a:purgatory.unfix.org ip6:2001:7b8:20d::/48 -all"

The 'a', thus defines a host address which is both IPv4 and IPv6, and
I am really wondering what happens if I setup my spf rules and send out
a mail over IPv6 outbound, and some SPF checker doesn't check the IPv6
address, sees that it's not the IPv4 address as mentioned in the SPF
rule, thus most likely dropping the mail...

Maybe to put the question differently, what is the level of support
for IPv6 in the several SPF check tools?

Greets,
 Jeroen

PS: http://spf.pobox.com/mechanisms.html is totally out of date btw...
(Getting ~1500 separate bounces from yahoo over some german political
spam would have been solved with SPF, but the above still worries me a bit...)

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper!  http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: People keep misunderstanding what "Pass" and "Neutral" mean (was: Time to start rejecting on neutral?), Mark
Next by Date:  RE: People keep misunderstanding what "Pass" and "Neutral" mean (was: Time to start rejecting on neutral?), Mark
Previous by Thread:  Re: New SPFv1 spec: draft-schlitt-spf-classic-01pre7, wayne
Next by Thread:  Re: IPv6 / a+ip6 (Was: Re: New SPFv1 spec: draft-schlitt-spf-classic-01pre7), wayne
Indexes:  [Date] [Thread] [Top] [All Lists]