spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[spf-discuss] Re: Successes and failures of the SPF project in 2005

2006-01-11 14:32:47
from [Frank Ellermann] [Permanent Link] 
Dick St.Peters wrote:
 

As I see it, the SPF draft defines two scopes, an mfrom scope
and a helo scope and says to switch to the helo scope if the
mfrom is empty.


I wouldn't agree to call this "scope", and when Wayne tried to
use this term for the Received-SPF we had one of our usual cat
fights about it (and in that case he lost ;-)

Ignoring this point, all v=spf1 drafts I recall always had the
concept "because it must work for an empty MAIL FROM, it must
always work as far as the sender is concerned.  Therefore the
receiver MAY also always test it, because after a FAIL for the
HELO all mails can be rejected".

In early 2005 Meng proposed to s/MAY/SHOULD/ and all agreed -
it just makes sense to check HELO, and SHOULD reflects this
better than 2004's MAY.  Credits for that normally to Hector:

When I found SPF and this list the MAY was already there, I
don't know any details about the early 2003 SPF HELO history.


The SenderID core draft incorporates the SPF mfrom scope by
explicit reference


In its incarnation [SPF].  And SID has a precise definition
what "scopes" are, the comma-separated words after "spf2.0/".

v=spf1 has no "scopes" (again a case of early history where I
don't know why MarkL has put it in 2003 and removed it later
as reported by Wayne).  v=spf1 has "identities", MAIL FROM and
HELO, but no "scopes".  Without at least positional modifiers
it's difficult to create something like "scopes" within v=spf1.

But I recall that part of the SPF history in 2004, essentially
there was never complete consensus, all had different ideas.

I liked Mark's positional modifier approach as it is in spf2.0.
Irony, spf2.0 later got its own global "scopes" and does not
really need additional positional modifiers for that purpose.


Wayne doesn't agree with that view


Nor me.


and the SenderID authors aren't around or aren't speaking up.


Or don't care.  That's why I proposed to just "fix" that hole
in the theory, also replacing the bogus "spf considerations"
(expired, but the side-effects of this text are still visible
 on the MAAWG page about PRA, spf2.0, classic, and v=spf1 -
 they somehow managed to talk about 4 instead of 2 versions) 

                         Bye, Frank


-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] Re: Successes and failures of the SPF project in 2005, wayne
Next by Date:  Re: [spf-discuss] aaaa ?, Stuart D. Gathman
Previous by Thread:  Re: [spf-discuss] Re: Successes and failures of the SPF project in 2005, william(at)elan.net
Next by Thread:  [spf-discuss] Ramble about scopes, Greg Connor
Indexes:  [Date] [Thread] [Top] [All Lists]