spf-discuss

RE: Re: No more xxxx=yes please

2005-08-20 15:19:26

On Sat, 20 Aug 2005, Scott Kitterman wrote:

OK.  I give.

Option framework it is.

op=from mumble something here.

Does it have value to give senders an option to say the from==mailfrom for
their domain so feel free to reject anything where from!=mailfrom if the
from is for their domain?

For heavily phished domains I think it would be worth it.  From a receiver
perspective I think it would be worth it to do some added checks on the 20%
of mail where from!=mailfrom.

I'd like to see if people think this is worthwhile.

"op" settings are somewhat limited in what they can convey.

Some time ago I have my equivalency modifier with some volume mail senders and they seem to think that in many cases they cannot promise full email address equivalency of sender/from = mailfrom but can do with domain of sender/from = mailfrom (which seems to fit nicely into spf framework), whereas others specifically thought doing full equivalency is better.

Additionally some cannot do with even domain equivalency but would like to list domains that are possible for sender/from for given mailfrom and the other way around - this would require some special spf syntax or redirect.

In other words if we develop equivalency further it has to be its own
modifier with its own mini syntax in order to support full range of use
(even though in almost all cases the senders would probably use full or
domain equivalency option, just like with spf many are just doing
"a mx", but some do need more complex syntax spf offers)

Suggestions on syntax?

I ended up working on modifier syntax for both equivalency and scoping together. Last time I mentioned this all in May, see:
 
http://www.gossamer-threads.com/lists/spf/discuss/19343?search_string=spf%20domains;#19343

I'll repeat the core ABNF here (one error fixed from above post):

----------------------------------------------------------------------
scope-modifier = "sc." scope-list "=" scope-info
scope-list = scope-name *("." scope-name)
scope-name = 1*(alphanum / "-" / "_")
scope-info = none-oper / scope-operator *("," scope-operator)
none-oper = "no"
scope-operator = equiv-operator / spf-lookup-oper / unknown-oper
unknown-oper = macro-string
equiv-operator = ema-oper / dom-oper / net-oper
ema-oper = "ema" [ "." scope-name ]
dom-oper = "dom" [ "." scope-name ] [ eq-domains-list ]
net-oper = "net" [ "." scope-name ] [ eq-domains-list ]
eq-domains-list = "(" [ domain ] [ domains-list ] ")"
domains-list = *("," domain)
spf-lookup-oper = "spf(" vers-prefix ["," macro-string] ")"
vers-prefix = *(name / delimiter)
----------------------------------------------------------------------

The sender equivalency would be listed as "sc.sender=ema" if email submission rules are enforced by sender and Sender/From would be
same as MAILFROM. If submission rules are enforced on domain basis only
then the syntax is "sc.sender=dom".

For complex rules, listing of additional domains can be done as follows:
 sc.sender=dom(,example.org.outsource.net)

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
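
The ABNF and the `sc.sender` examples in the message above, as an added Python sketch (not part of the original post and not taken from any SPF implementation): it parses a scope modifier and checks a header address against MAILFROM for the `ema` and `dom` operators. The function names and sample addresses are constructed, and treating the listed domains as additions to the MAILFROM domain is an assumption drawn from the post's "additional domains" wording; `net`, `spf(...)` and the optional `.scope-name` reference are parsed but not evaluated because the post does not define their meaning.

```python
import re

# Added illustration; the domain-list semantics below are an assumption, see lead-in.
SCOPE_NAME = r"[A-Za-z0-9_-]+"
MODIFIER = re.compile(rf"^sc\.({SCOPE_NAME}(?:\.{SCOPE_NAME})*)=(.+)$")
EQUIV = re.compile(rf"^(ema|dom|net)(?:\.({SCOPE_NAME}))?(?:\(([^()]*)\))?$")

def split_top_level(text):
    """Split scope-info on commas that are not inside parentheses."""
    parts, depth, current = [], 0, ""
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            parts.append(current)
            current = ""
        else:
            current += ch
    parts.append(current)
    return parts

def parse_scope_modifier(term):
    """Return (scope_names, operators); raise ValueError if not a scope-modifier."""
    m = MODIFIER.match(term)
    if not m:
        raise ValueError(f"not a scope-modifier: {term!r}")
    scopes, info = m.group(1).split("."), m.group(2)
    if info == "no":
        return scopes, [{"op": "no"}]
    operators = []
    for raw in split_top_level(info):
        eq = EQUIV.match(raw)
        # The grammar gives ema no domain list, so "ema(...)" is an unknown-oper.
        if eq and not (eq.group(1) == "ema" and eq.group(3) is not None):
            domains = [d.lower() for d in (eq.group(3) or "").split(",") if d]
            operators.append({"op": eq.group(1), "ref": eq.group(2), "domains": domains})
        elif raw.startswith("spf(") and raw.endswith(")"):
            operators.append({"op": "spf", "args": raw[4:-1]})  # kept raw
        else:
            operators.append({"op": "unknown", "raw": raw})
    return scopes, operators

def header_consistent(operators, mailfrom, header_addr):
    """True/False when ema or dom is published, None when no such claim is made."""
    mf, hd = mailfrom.lower(), header_addr.lower()  # case-folding is a simplification
    mdom, hdom = mf.rpartition("@")[2], hd.rpartition("@")[2]
    checks = [mf == hd for op in operators if op["op"] == "ema"]
    checks += [hdom == mdom or hdom in op["domains"] for op in operators if op["op"] == "dom"]
    return any(checks) if checks else None
```

A `None` result means the record says nothing about header equivalency, so a receiver should not treat a mismatch as a policy violation in that case.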