spf-discuss
[Top] [All Lists]

Re: What to do about redirect= and NXDOMAIN?

2005-05-21 07:55:17
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bill Taroli wrote:
Is there a definition for what an SPF lookup resulting in NXDOMAIN
should return? I would think that if I was being asked to deliver mail
for a non-existent domain would result in some kind of error condition.
In reality, any host that checks HELO strings would have caught it
likely generated a PermFail anyway. But if we resolve the original
domain and follow an SPF redirect to an NXDOMAIN, I'd personally want it
to result in "error"... or perhaps at least give an "unknown".

FYI:  Section 4.3[1] of the current specification draft defines 
SPF(non-existent-domain) to result in "None"[2].  There is however a small 
dispute about whether it would be better to return "PermError" (i.e. an 
error that will not resolve itself under the same circumstances) in that 
case.  Google for <spf "non-existent-domain"|nxdomain none permerror> to 
find the relevant threads and IRC discussions.

References:
 1. 
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01.html#initial
 2. 
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01.html#anchor7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCj0vVwL7PKlBZWjsRAn3EAJ9y7kNrQN1pfa64LZFp6aatV/HxvgCeJhyz
oHRoET+AUhMHmjwErDGW0cw=
=hBs8
-----END PGP SIGNATURE-----