spf-discuss

[spf-discuss] Re: Ideas for future "unified" auth schemes

2005-09-29 10:00:49
Greg Connor wrote:

> Option 1. tag the scope with the version
> SPF2.0/mfrom and SPF2.0/helo are examples of the "tag the
> string" method.

Yes, might need include: or redirect= if you run out of the
"UDP-space" shared by all SPF RRs.

> Having some sort of wildcard or "applies to all" mode is
> good

How about this:

          spf2.0/mfrom mfrom=stuff redirect=_common.%{d}
          spf2.0/helo helo=stuff redirect=_common.%{d}
_common   spf2.0/mfrom,helo common=stuff ?all

Disadvantage: two "real" queries, _common isn't in the cache
after the first query.  What we really want is something like

          spf2.0/mfrom mfrom=stuff common=x
          spf2.0/helo helo=stuff common=x
          spf2.0/x common=stuff ?all

All sorts of trouble here, old positional / multiple modifier
issues.

> I really really think that most domains will want the same
> policy for HELO, MAIL FROM, Sender, etc.

Sender is stillborn, I recommend using DKIM (or better) for
2822 identities.  For 2821bis (Hello + MAIL FROM) v=spf1 might
be good enough, maybe with kludges like op=helo.

> I don't like the modifier option as much, because like option
> 1, it still makes the TXT longer

So far nobody wanted or needed op= for anything it could do.

Thinking about more complex "scope" ideas for the two relevant
identities is therefore IMHO useless.  It starts to get more
interesting if SPF policies could help to preselect later 2822
DATA tests (op=smime or similar).

A DKIM SSP accelerator could be interesting for systems that
test both SPF and DKIM anyway, maybe SPF policies could offer
something that avoids querying SSP policies separately.

> If you do want to vary the policy for HELO or MFROM or
> Sender, then you have to test %{scope} and redirect to
> another TXT query.

op=helo and op=nohelo should cover the weirdest situations
without any additional query.  For the few domains that are
really forced to use the same FQDN for both identities.

Sender is a 2822 test, and as shown by William's appeal that's
technically a very bad idea.  I still think that PRA is the
best you can do for Sender, it is already specified, but it's
unfortunately not good enough to do anything serious with it.

For your pet case "all policies identical" spf2.0/mfrom,pra
or v=spf1 op=pra can say so.  And otherwise spf2.0/pra can be
different from v=spf1.  No demand for scope macros:  Even the
very simple ideas of spf2.0/mfrom, spf2.0/pra, v=spf1 op=pra,
etc. don't fly so far.
                            Bye, Frank

<http://purl.net/xyzzy/home/test/draft-spf-6-3-options-08.txt>
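As an added example (not code from the post or from any SPF implementation), a small Python checker that walks the first layout above: it picks the spf2.0 record whose scope list matches, expands %{d} in redirect= to the queried domain, and counts DNS lookups so the "two real queries" cost of the _common record is visible. The zone contents, IP ranges and the in-memory zone dict are constructed for the example.

```python
import ipaddress

# Constructed zone (assumption, not from the post): per-scope records
# that share a _common record via redirect=_common.%{d}.
ZONE = {
    "example.com": [
        "spf2.0/mfrom ip4:192.0.2.0/28 redirect=_common.%{d}",
        "spf2.0/helo ip4:198.51.100.0/28 redirect=_common.%{d}",
    ],
    "_common.example.com": [
        "spf2.0/mfrom,helo ip4:203.0.113.0/28 ?all",
    ],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def pick_record(txts, scope):
    """Return the TXT record whose spf2.0/<scopes> tag lists `scope`."""
    for rec in txts:
        tag = rec.split(" ", 1)[0].lower()
        if tag.startswith("spf2.0/") and scope in tag[len("spf2.0/"):].split(","):
            return rec
    return None

def check(zone, domain, scope, client_ip, max_lookups=10):
    """Evaluate one scope's policy for client_ip; returns (result, lookups).
    Mechanisms run in order; redirect= is followed only if none matched,
    and each redirect costs one more "real" query."""
    ip = ipaddress.ip_address(client_ip)
    lookups = 0
    while lookups < max_lookups:
        lookups += 1
        rec = pick_record(zone.get(domain, []), scope)
        if rec is None:
            return "none", lookups
        redirect = None
        for term in rec.split()[1:]:
            if term.startswith("redirect="):
                redirect = term[len("redirect="):].replace("%{d}", domain)
                continue
            if "=" in term:          # other modifiers (mfrom=, common=) are ignored here
                continue
            qual = QUALIFIERS.get(term[0], "pass")
            mech = term.lstrip("+-~?")
            if mech == "all":
                return qual, lookups
            if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
                return qual, lookups
        if redirect is None:
            return "neutral", lookups
        domain = redirect
    return "permerror", lookups
```

A mfrom check from 192.0.2.5 passes after one lookup, while a helo check from an address listed only in _common needs two, which is exactly the cache miss the post complains about.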


-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/