spf-discuss

Re: Request for Input on the meaning of "pass".

2005-06-03 00:40:35
On Thu, 2005-06-02 at 20:17 -0500, wayne wrote:
> In <05c201c567d6$4f312410$0600000a(_at_)john> "Chris Haynes" 
> <chris(_at_)harvington(_dot_)org(_dot_)uk> writes:
>
> > Actually, I also disagree with the phrase: 'the distinction exists
> > only for informational purposes' in the Neutral result.
> >
> > The Neutral policy is a necessary construct when used in association
> > with e.g. "-all". It narrows down the possible source of forgeries
> > from the entire Internet (which is the situation with "None") to just
> > the identified MTA.  This distinction is surely far more than
> > 'Informational', and Neutral is _essential_ in constructs such as
> > this.  Just delete the clause after the semicolon if you agree with me.
>
> Your definition of Neutral sounds more like what I remember people
> asking for as a SoftPass.
>
> I think it is critical that Senders have a way of expressing a policy
> that says "treat this as if I didn't have a policy".

That's also compatible with Chris's statements, you've merely improved
on the wording.  :-)

I think there's been an ongoing problem with semantics--the definitions
of PASS and NEUTRAL and discussions around them have concentrated on
sender intentions, instead of concentrating on what things would mean
from a receiver's point of view.

In my mind, definitions should be set such that a receiver seeing a
neutral result should conclude that the mailfrom/helo may or may not be
forged, while a receiver seeing a pass result should conclude that the
mailfrom/helo has not been forged and thus can be assumed to represent
what is claimed to be represented.

(Notice how I avoid handling the slippery concept of exactly what it is
that is being represented in mailfrom.  :-)  )

Anyway, IMHO the policy that should be communicated from the sender to
the receiver is:

o  PASS:     "If you see X, you can conclude YES",

o  NEUTRAL:  "If you see Z, you can't conclude anything, because
             Y might be true or might not be true."

o  FAIL:     "If you see F, you can conclude that Y is not 
             true."

And for softfail, the kludge to gain spf acceptance:

o  SOFTFAIL: "If you see ZZZ, you also can't really conclude
             anything, but practically speaking Y is probably
             not true--we just can't completely rule it out
             yet, sorry about that!"

All that is far more useful than saying:

PASS:  "This is a place from which I might do Y and from which
       other people might do Y",

NEUTRAL:  "This is a place for which I know nothing about Y".

Those two statements above will cause a receiver to reach an identical
conclusion--in both cases he can't know whether Y is true or not.

If that's the sort of definition you want, then there's no point in
having two of them because they're the same.

A receiver doesn't (shouldn't) care about what the sender knows he can
do, but rather what the receiver can conclude.

IMHO the definitions might work better if thought through from that
point of view.

(And I think that if you do think through them from that point of view,
that option #2 makes PASS equivalent to a NEUTRAL from the receiver's
point of view, thus lowering the potential descriptiveness of the spf1
language.  I don't see how anything but option #1'ish language can be
used.)

-- 
Mark Shewmaker
mark(_at_)primefactor(_dot_)com
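Added example, not part of the thread: a minimal evaluator for the `ip4`/`ip6` and `all` mechanisms with the four qualifiers, followed by the receiver-side reading of each result that the message above argues for. It shows the point quoted from Chris Haynes: `"v=spf1 ?ip4:192.0.2.0/24 -all"` yields neutral for a host inside the listed range and fail for everything else, so an unauthenticated message can only have come from the identified MTA, whereas no record at all ("none") leaves the whole Internet as a possible source. The record and the client addresses are constructed (documentation ranges), and the evaluator assumes a record with no `include`/`redirect`.

```python
import ipaddress

# Constructed sample record (not from the original post): the sending MTA
# is listed with the '?' qualifier, and everything else is denied.
RECORD = "v=spf1 ?ip4:192.0.2.0/24 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# What a receiver may conclude from each result, in the thread's terms.
CONCLUSION = {
    "pass": "identity is not forged; it represents what it claims",
    "neutral": "identity may or may not be forged; treat as if no policy",
    "softfail": "identity is probably forged, but cannot be ruled out",
    "fail": "identity is forged; this host is not authorized",
    "none": "no policy published; forgery could come from anywhere",
}


def evaluate(record, client_ip):
    """Evaluate a simplified SPF record for one client IP.

    Returns (result, matched_term). Supports ip4/ip6 networks and 'all'
    with any qualifier; other mechanisms and modifiers are out of scope
    here (assumption made for illustration).
    """
    if record is None:
        return "none", None
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", None
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # an unqualified mechanism means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier], qualifier + "all"
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(arg, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier], f"{qualifier}{name}:{arg}"
    # No mechanism matched and no 'all' term: the SPF default is neutral.
    return "neutral", None


def receiver_view(record, client_ip):
    """Pair the SPF result with the conclusion a receiver can draw."""
    result, _ = evaluate(record, client_ip)
    return result, CONCLUSION[result]


if __name__ == "__main__":
    # Inside the listed range: neutral, receiver learns nothing about Y.
    print(receiver_view(RECORD, "192.0.2.10"))
    # Anywhere else: fail, so forgery is confined to the listed MTA.
    print(receiver_view(RECORD, "198.51.100.7"))
    # No record at all: the "None" case Chris contrasts Neutral with.
    print(receiver_view(None, "198.51.100.7"))
```

Run as a script it prints the three receiver-side readings; the difference between the second and third line is the "narrowing" Chris describes: with `?ip4 ... -all` only one network can produce an unauthenticated message, while with no record every network can.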