
Re: [spf-discuss] Re: [OT]Calling Hector Santos

2005-08-26 14:24:09
In <00c701c5aa81$addcf7d0$6401a8c0(_at_)hdev1> "Hector Santos" 
<spf-discuss(_at_)winserver(_dot_)com> writes:

Example:

domain_a:  v=spf1 ?include:domain_b -all
domain_b:  v=spf1 -ip4:1.2.3.4 +all

Now suppose the SENDER IP is 1.2.3.4 so that there is a match in the policy.

Let's follow the PREFIX:

domain_a:  prefix=+  default
domain_a:  ?include:domain_b  prefix is now ?
    domain_b:  prefix=+  default
    domain_b:  -ip4 prefix is now -
        ip match -> return prefix=-

When the recursive call returns, what is the result?

    prefix=-  from hard ip4 match? or
    prefix=?  from hard ?include result?

Neither of those is correct.  The result is prefix=- from the -all.

The include:domain_b evaluates the record from domain_b.  The -ip4:
matches, so the result of that evaluation is an SPF Fail.  Since the
result of the include: is *not* an SPF Pass, the include: does not
match.

The include: mechanism is really badly named.  It should be something
like "if-pass" or something.  It neither acts like a
macro-processor-type include of the record at the target domain, nor
does it act like a programming "call".  It acts like
'if (eval(target) == Pass ) return prefix;'.


-wayne
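
The include: semantics described in this message, as an added example that is not part of the original post: a minimal Python evaluator that handles only the ip4, all and include mechanisms and reads the thread's two records from a constructed table instead of DNS. The function name check_host, the table and the simplified error handling are assumptions of this sketch.

```python
import ipaddress

# Constructed lookup table holding the two records from the thread (no DNS).
RECORDS = {
    "domain_a": "v=spf1 ?include:domain_b -all",
    "domain_b": "v=spf1 -ip4:1.2.3.4 +all",
}
RESULTS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}


def check_host(ip, domain, depth=0):
    """Evaluate a record using only the ip4, all and include mechanisms."""
    if depth > 10:
        return "PermError"              # guard against include loops
    record = RECORDS.get(domain)
    if record is None:
        return "None"
    terms = record.split()
    if terms[0] != "v=spf1":
        return "PermError"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"                 # default prefix
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # The inner result is never returned to the caller as-is.
            # include matches only if the target evaluates to Pass.
            inner = check_host(ip, arg, depth + 1)
            if inner in ("None", "PermError"):
                return "PermError"      # simplified error handling
            matched = inner == "Pass"
        else:
            return "PermError"          # mechanism outside this sketch
        if matched:
            return RESULTS[qualifier]   # first match wins, its prefix decides
    return "Neutral"                    # no mechanism matched
```

For 1.2.3.4 the inner evaluation of domain_b is Fail, so the include does not match and domain_a's -all decides; for any other address domain_b's +all passes, the include matches, and the ? prefix yields Neutral.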
