spf-discuss

Re: For SPF Council review - FAIL PermError vs. NONE NXDOMAIN (was: BTFOOM)

2005-05-31 11:48:01
In <42904317(_dot_)1574(_at_)xyzzy(_dot_)claranet(_dot_)de> Frank Ellermann 
<nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> writes:

Mark wrote:

ACK, PermError != 5xx reject is dangerous, harmful, and bad.

Glad we are in complete agreement on this. :) I have been
saying so as well for the last few days.

Apparently we all agree, but Julian trying to add more cases
into the PermError class on one side, plus Scott on the other
side trying to devaluate PermError to None seriously confused
not only Wayne.

Please find some resolution about this in the Council:

1 - PermError is only used to indicate errors in SPF policies,
    this includes cases like redirect=any.invalid or the known
    include:any.invalid NONE => PermError

2 - other cases of NXDOMAIN or domain literals result in NONE

3 - Receivers may treat PermError like FAIL, and TempError
    like SOFTFAIL, SMTP offers error codes 5xx and 4xx resp.

Ok Frank, I admit that I'm confused about what you are asking for
here.  This appears to me to be mostly a rehash of issues that have
already been decided.

What exactly do you want changed in the draft and why?


If I gave you the impression that we should reject on address
literals, then let me quickly take the opportunity to rectify
that miscommunication.

Good.  That was a small bug in lentczner -00, domain literals
somehow ended as a "FAIL malformed domain".  Even for the very
harmless case HELO [1.2.3.4] from an IP 1.2.3.4.

SPF isn't the place to tell receivers what they might wish to
do if the IP does _not_ match.  Or if there's no dot in a HELO
FQDN.  SPF deals with sender policies, good, bad, or ugly.

But not with other SMTP errors like malformed domains.  After a
bad HELO a client is AFAIK free to RSET and try a better HELO.


Is this also something you want the SPF council to review?


-wayne
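
Added example (not part of the thread and not taken from any SPF implementation): a simplified Python evaluator that walks through points 1 to 3 of the list quoted above. The `TXT` table, the domain names and the function names `check_host` and `smtp_reply` are constructed for illustration; only `ip4`, `include`, `all` and `redirect` are handled, and the SMTP mapping is one receiver's local choice.

```python
import ipaddress
import re

# Constructed stand-in for DNS TXT lookups; every name here is made up.
# A missing key models NXDOMAIN, None models a name that publishes no SPF record.
TXT = {
    "good.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "inc-broken.example": "v=spf1 include:any.invalid -all",
    "redir-broken.example": "v=spf1 redirect=any.invalid",
    "inc-ok.example": "v=spf1 include:good.example ~all",
    "nospf.example": None,
}
QUAL = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
FQDN = re.compile(r"^([a-z0-9_-]{1,63}\.)+[a-z0-9-]{1,63}\.?$", re.I)

def check_host(ip, domain, depth=0):
    """Simplified evaluation: ip4, include, all and redirect only."""
    # Point 2: domain literals, dotless names and NXDOMAIN give "none".
    if not FQDN.match(domain) or TXT.get(domain) is None:
        return "none"
    if depth > 10:
        return "permerror"  # guard against include/redirect loops
    terms = TXT[domain].split()[1:]
    for term in terms:
        qual, mech = (term[0], term[1:]) if term[0] in QUAL else ("+", term)
        if mech.startswith("redirect="):
            continue  # modifiers are handled after all mechanisms
        if mech.startswith("ip4:"):
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("include:"):
            inner = check_host(ip, mech[8:], depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"  # Point 1: include of a domain with no policy
            hit = inner == "pass"
        elif mech == "all":
            hit = True
        else:
            return "permerror"  # unknown mechanism is a policy syntax error
        if hit:
            return QUAL[qual]
    for term in terms:
        if term.startswith("redirect="):
            result = check_host(ip, term[9:], depth + 1)
            return "permerror" if result == "none" else result  # Point 1
    return "neutral"

def smtp_reply(result):
    """Point 3 as a local receiver choice: PermError like FAIL, TempError as 4xx."""
    return {"fail": 550, "permerror": 550, "temperror": 451}.get(result, 250)
```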