-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Frank
Ellermann
Sent: zaterdag 21 mei 2005 7:33
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Re: BTFOOM
Mark wrote:
The overall problem on this (and similarly) outstanding
item(s), as far as I see it, is the difficulty that the
decision to make something a PermError is always closely
related to what should happen on PermError.
ACK, PermError != 5xx reject is dangerous, harmful, and bad.
Glad we are in complete agreement on this. :) I have been saying so as
well for the last few days.
And on that rock solid groud it's also clear that NXDOMAIN
outside of include: / redirect= is a different beast. The
actual -01 spec. with PermError => SoftfAIL is utter dubious.
Couldn't agree more. :)
Which is to say, declaring a PermError cannot be seen apart
from what is to follow that result; and, conversely, what is
declared to follow a PermError, inevitably affects what we
wish to call a PermError.
ACK. Your "TILT" in this vote upset me especially because we
agree on almost all premises incl. the one and only correct way
to handle a PermError (5xx).
But NXDOMAIN outside of include: / redirect= is not an error
on the side of the sender domain, and e.g. domain literals are
legal constructs, of course ugly, but sometimes necessary.
If I gave you the impression that we should reject on address
literals, then let me quickly take the opportunity to rectify that
miscommunication. Obviously, we should not reject on legitimate, RFC 2821,
4.1.3 Address Literals. That would be bad.
You make a good point, btw, that NXDOMAIN, outside include: / redirect=,
is not a configuration error in the SPF record; and is perhaps indeed
best left to the MTA to deal with.
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx