spf-discuss
[Top] [All Lists]

Re: What to do about redirect= and NXDOMAIN?

2005-05-22 10:12:05

Julian and I chatted about this some on the #spf IRC channel today.  

Both Julian and I expressed concern about changing the semantics that
apparently have been around for a very long time and which only now
has it been brought up.

Recall that the current semantics are:

             | non-existent domain | domain w/o SPF record
  -----------+---------------------+-----------------------
   include:  | PermError (throw)   | PermError (throw)
   redirect= | None                | None    




So this what I think we should do:

             | non-existent domain | domain w/o SPF record
  -----------+---------------------+-----------------------
   include:  | PermError (throw)   | None* (no match)
   redirect= | PermError*          | None / Neutral*

(* marks differences from the current specification.)

Besides the above matrix of results, Julian also said that the
following might be ok with him:

             | non-existent domain | domain w/o SPF record
  -----------+---------------------+-----------------------
   include:  | PermError (throw)   | PermError (throw)
   redirect= | PermError*          | PermError (throw)*

  (* marks differences from the current specification.)


I would like to also suggest the following:

             | non-existent domain | domain w/o SPF record
  -----------+---------------------+-----------------------
   include:  | PermError (throw)   | PermError (throw)
   redirect= | Neutral*            | Neutral*

  (* marks differences from the current specification.)



As Shew pointed out on #spf, one major difference between include: and
redirect= is that include: can be found in the middle of an SPF
record, and it is important to stop evaluations at that spot, rather
than continue on into mechanisms that aren't intended.  The redirect=
modifier, however, is only executed at the very end, and is therefore
much more similar to the existing default of "?all" if nothing matches.




-wayne