spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: For SPF Council review - FAIL PermError vs. NONE NXDOMAIN (was: BTFOOM)

2005-05-22 04:42:25
from [Mark] [Permanent Link] 


-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com 
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Frank 
Ellermann
Sent: zondag 22 mei 2005 10:33
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] For SPF Council review - FAIL 
PermError vs. NONE NXDOMAIN (was: BTFOOM)




If I gave you the impression that we should reject on address
literals, then let me quickly take the opportunity to rectify
that miscommunication.


Good. That was a small bug in lentczner -00, domain literals
somehow ended as a "FAIL malformed domain". Even for the very
harmless case HELO [1.2.3.4] from an IP 1.2.3.4


Clearly that was a bug. It is not a 'malformed' domain; nor (what with
the brackets and all) a domain even. But, in the words of RFC 2821,
the address literal "is allowed as an alternative to a domain name".


ACK, PermError != 5xx reject is dangerous, harmful, and bad.



Glad we are in complete agreement on this. :) I have been
saying so as well for the last few days.


Apparently we all agree, but Julian trying to add more cases
into the PermError class on one side, plus Scott on the other
side trying to devaluate PermError to None seriously confused
not only Wayne.


And perhaps I added to the confusion by having argued, on occasion, that
SPF might return PermError on NXDOMAIN in a malformed domain in MAIL FROM.
But, like I said, clearly bracketed RFC 2821 4.1.3 Address Literals do and
must not fall into that category.


Please find some resolution about this in the Council:

1 - PermError is only used to indicate errors in SPF policies,
    this includes cases like redirect=any.invalid or the known
    include:any.invalid NONE => PermError

2 - other cases of NXDOMAIN or domain literals result in NONE.

3 - Receivers may treat PermError like FAIL, and TempError
    like SOFTFAIL, SMTP offers error codes 5xx and 4xx resp.


I can really find myself in these 3 points. ;) If tonight's meeting is
still on, we may know more tomorrow.

- Mark 
 
        System Administrator Asarian-host.org
 
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Avoiding the DNS Hunt, Julian Mehnle
Next by Date:  Re: BTFOOM, Julian Mehnle
Previous by Thread:  For SPF Council review - FAIL PermError vs. NONE NXDOMAIN (was: BTFOOM), Frank Ellermann
Next by Thread:  RE: For SPF Council review - FAIL PermError vs. NONE NXDOMAIN (was: BTFOOM), Scott Kitterman
Indexes:  [Date] [Thread] [Top] [All Lists]