spf-discuss

Re: Re: PermError and NXDOMAIN in spf-01

2005-05-22 06:30:00
 ..... Original Message .......
On Sun, 22 May 2005 07:26:08 +0200 Frank Ellermann 
<nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> wrote:
wayne wrote:

Personally, I don't consider lentczner-00 an "SPF-classic"
spec.

Come on, we all had our ways to deal with the MARID disaster,
some wrote appeals to the IESG, others took a time out, and
MarkL volunteered to create an emergency classic spec. fast,
and that was a necessity at precisely this moment, the old SPF
drafts were expired.  We had _nothing_ at this moment when we
needed it most.

It's unfair to blame MarkL and the community for what they did
in this state of emergency.

It wasn't long after it was submitted to the IETF when the
SPF council was formed

It was _weeks_ after it, one PR hunted the next, the IETF was
on the border of collapse - remember the "shuffling those deck
chairs" thread ? - and the ASRG chair gave interviews claiming
that SPF doesn't solve the phishing problem as promised by SID,

Ted and Harald were interviewed by every news service with a
somewhat technical background (and in one case I know exactly
how that might have happened, what do you think what I did one
minute after sending and publishing the appeal ?  Hint: It was
of course not waiting for GoogleBot and Syndic8 to find it)

The Council came _long_ after these battles.  For some time
John Glube volunteered as interim speaker for the community.
Then William organized his famous poll, JohnP organized the
resulting ballot, and James organized the Community position.

And for all this time the one and only "official" SPF I-D was
lentczner -00.  The SID folks published their -00 11-11, and
schlitt -00 (not your prereleases here) came January the third.

I am getting really nervous about some of the stuff with
NXDOMAIN and PermError.

It's quite simple, if the SPF sender policy is FUBAR, and that
includes NONE for an include: or the forgotten redirect=, then
it ought to be fixed a.s.a.p.  Like a bogus MX.  The only way
to get this desired result a.s.a.p. is a "reject".  What else
should the receiver do, send abuse mails manually ?  Petition
RFCI to create a new *.spf.rfc-ignorant.org zone ?

Rejecting email on the HELO domain being invalid doesn't seem
as wise to me.

True, HELO invalid is an odd case.  That's why there always
was NONE for "no policy at all", and a PermError for garbage 
styling itself as sender policy like include:any.invalid

it looks like what people are trying to do is have NXDOMAIN
be a PermError and PermError causing the rejection.

Only Julian, not counting Mark's tilt.  Julian's concept of
PermError is cleaner, but it doesn't fit into what a PermError
was since it was invented.

You make one screwup on your SPF record, and *poof*, you get
lots of email rejected.

Sure, that's good.  Try to screw up your MX, that's much worse.

If you screw up on your Sender Policy, then you should end
up like you don't have a Sender Policy.

No.  A bogus policy is not the same as no policy.  Like a bogus
MX is not the same as no MX.  A broken sender policy has to be
fixed.  Or are you talking about "malformed domain" outside of
SPF policies ?  Then of course, keep it as NONE as it always
was.  Above all don't start to panic and change everything.

There were no serious bugs in -00.  Fix redirect=any.invalid,
check what HELO PermError is supposed to mean, add the CRLF as
announced in 822, wait for the "new word for prefix" vote, and
do not change any serious stuff, if it ain't broken...

they don't *have* a Sender Policy.

NONE.  But if somebody includes/redirects to it PermError.  As
it always was.  This ordre / contreordre / désordre stuff makes
me mad.  Shoot Scott and Julian if necessary.

PermError MUST be treated as None

No, it should be treated like Fail.  Just as it always was, bye

Frank,

Always? Always since MARID, but I don't think you find that in ANY of the 
pre-MARID specs used by, I believe, all implementations except the SID 
implementation by Sendmail, Inc.  

I thought we were trying to document what is, not trying to define what should be.

Scott K

P.S. On the PASS definition, I'm not trying to change anything.  PASS must = 
Softpass or = Hardpass.  I'm trying to be clearer about which it should be.

