spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] Updated SPF validator and a new checker

2005-08-27 01:23:02
from [Hector Santos] [Permanent Link] 
Hi Peter,

I figured you were using original specs (as you indicated).  Our parser is 
still original specs based too, which is nearly 2 years old now. :-)

The question is whether a UNKNOWN should return a statement:

      "X.X.X.X may send in the name of the domain."

and how receivers should handle "unknowns."

I believe, I havn't checked off hand, but Wayne's spec has this as PERMERROR.

All this is based on trying to get some level of consistency for receivers to 
better handle the results and/do integrate with Rule Based Mail Filters.

I didn't check, does your "show details" show a possible resulting 
"Received-SPF:" header?

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com



----- Original Message ----- 
From: "Peter Karsai" <peter(_dot_)karsai(_at_)gmail(_dot_)com>
Newsgroups: spf.-.sender.policy.framework.discussion
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Saturday, August 27, 2005 3:56 AM
Subject: Re: [spf-discuss] Updated SPF validator and a new checker


Hi Hector,

The draft version that our SPF library works with
(http://www.libspf.org/files/spf-draft-200405.txt) says in Section 3.
SPF Record Evaluation that "If an SPF client encounters a syntax error
in an SPF record, it must terminate processing and return a result of
"unknown".".

The library does a reasonaly complete syntax validation on the SPF
policy string before the evaluation to make sure that the policy is OK
and the evaluation will not end with unexpected results. I believe
that we have to be strict on syntax, otherwise we will end up with
something like HTML browsers :)

  Peter

On 8/26/05, Hector Santos <spf-discuss(_at_)winserver(_dot_)com> wrote:

Peter, I ran a few logged SPF results to test against your checker.

For one transaction I got on August 19:

  IP: 199.237.55.172
  CDN:  yes.jcmanagementservices.com
  RPD:  
b-p0ckbcgbhbjd-iaagchg-000-(_at_)msg(_dot_)jcmanagementservices(_dot_)com

The SPF record is:

  v=spf1 mx ptr a include

This results in a PASS because of the MX match.

Your checker indicates:

   "199.237.55.172 may send in the name of the domain."

And the details indicates:

   "SPF policy evaluation finished with SPF Unknown."

I retested this by changing the IP to see how it handled a bad IP.

  IP: 199.237.55.173

and our systems returns a PERMERROR which I think is correct the INCLUDE is 
incorrect.

But your checker says:

  "199.237.55.173 may send in the name of the domain."
  "SPF policy evaluation finished with SPF Unknown."

Shouldn't your checker throw an error on this? Not a pass?

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com


-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [spf-discuss] INCLUDE Statement [was [OT]Calling Hector Santos], Hector Santos
Next by Date:  Re: [spf-discuss] Updated SPF validator and a new checker, Peter Karsai
Previous by Thread:  Re: [spf-discuss] Updated SPF validator and a new checker, Peter Karsai
Next by Thread:  Re: [spf-discuss] Updated SPF validator and a new checker, Peter Karsai
Indexes:  [Date] [Thread] [Top] [All Lists]