On Thu, Aug 25, 2005 at 12:51:10PM -0400, Hector Santos wrote:
I was not referring to your record, but now in general.
A slightly simplified approach:
Just process the record left to right.
Find pairs of prefixes and mechanisms (the default prefix is "+").
if mechanism matches, return prefix
else continue with next mechanism.
If no more mechanisms are present, processing ends as if "?all" was
present so return "?".
Example: v=spf1 ?a:somehost.example.org ?a:otherhost.example.org -all
For logic like above, if it does not match, it will fail.
Is that the policy?
does "a:somehost.example.org" match? No. continue.
does "a:otherhost.example.org" match? No. continue.
does "all" match? Yes. Return "-".
Other possible outcome:
does "a:somehost.example.org" match? Yes. Return "?".
It really is as simple as that.
(simplified approach as no error checking nor modifier occurs in my example).
You are basically declaring:
"I am sending mail from a machine that you
you probably shouldn't trust!"
No he's not. Look at the definition of "?" in the specification.
It is neutral, not fail. Also, see:
http://spf.pobox.com/mechanisms.html#include
Whats the point then?
You cannot be sure mail from those machines is really sent by Scott
but you can be sure other mail is not sent by Scott. Do not mistake
"?" for anything negative.
Alex