spf-discuss

Re: [spf-discuss] Re: Successes and failures of the SPF project in 2005

2006-01-12 07:10:55
Frank Ellermann writes:

> Dick St.Peters wrote:
>
>> As I see it, the SPF draft defines two scopes, an mfrom scope
>> and a helo scope and says to switch to the helo scope if the
>> mfrom is empty.
>
> I wouldn't agree to call this "scope", and when Wayne tried to
> use this term for the Received-SPF we had one of our usual cat
> fights about it (and in that case he lost ;-)

This sub-thread has become about what SenderID calls a scope.  Quoting
from draft-lyon-senderid-core-01.txt:

    3.1 Version and Scope

       Under Sender ID, receiving domains may perform a check of either the
       PRA identity or the MAIL-FROM identity.  Sending domains therefore
       require a method for declaring whether their published list of
       authorized outbound e-mail servers can be used for the PRA check,
       the MAIL-FROM check or both.

       This section replaces section 4.5 of [SPF] and adds the concept of
       SPF record scopes.

       SPF records begin with a version identifier and may also include a
       scope:

          record      = version terms *SP
          version     = "v=spf1" | ( "spf2." ver-minor scope)
          ver-minor   = 1*DIGIT
          scope       = "/" scope-id *( "," scope-id )
          scope-id    = "mfrom" / "pra" / name

       For example, the SPF record:

              spf2.0/mfrom,pra +mx +ip4:192.168.0.100 -all

       defines an SPF record that can be used for either MAIL FROM or PRA
       checks.

       This document only defines the existence of two scopes: "mfrom" and
       "pra".  The details of these two scopes are defined in other
       documents: "mfrom" is defined in [SPF], "pra" is defined in [PRA].

I read that as saying the SenderID scope refers to the identity being
checked.  Wayne says, in effect, that it refers to the entire process
defined in [SPF], including the switch to a different identity.

Either way, this thread has drifted far away from what is important to
me: that my SPF policies not be applied to my servers' HELO
identities.

This has become operationally less important since the zone cuts were
removed, but I still regard it as ludicrous to think that a single
policy applies to both MAIL-FROM identities and HELO identities.  My
servers send mail for hundreds of domains, but the servers themselves
are in a domain never used legitimately in a MAIL-FROM.

--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com 
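
An added example, not part of the original message or of the draft: a Python parser for the version/scope prefix in the ABNF quoted above, reporting which identity checks a record declares itself usable for. The function names and the pattern used for `name` are assumptions of this example.

```python
import re

# scope-id = "mfrom" / "pra" / name. The quoted excerpt does not define
# `name`; the pattern below (ALPHA, then ALPHA / DIGIT / "-" / "_" / ".")
# follows the SPF ABNF and is an assumption of this example.
_NAME = r"[A-Za-z][A-Za-z0-9._-]*"
_VERSION = re.compile(
    rf"^(?:(?P<v1>v=spf1)"
    rf"|spf2\.(?P<minor>[0-9]+)/(?P<scopes>{_NAME}(?:,{_NAME})*))(?= |$)",
    re.IGNORECASE,  # ABNF string literals are case-insensitive
)


def parse_version(record):
    """Return (version, scopes, terms), or None if the prefix is malformed.

    "v=spf1" carries no scope tag, so its scope set is empty; "spf2.N"
    must be followed by "/" and at least one scope-id.
    """
    m = _VERSION.match(record)
    if m is None:
        return None
    terms = record[m.end():].split()
    if m.group("v1"):
        return ("v=spf1", frozenset(), terms)
    scopes = frozenset(s.lower() for s in m.group("scopes").split(","))
    return ("spf2." + m.group("minor"), scopes, terms)


def declares_scope(record, scope):
    """True if the record's version tag explicitly lists `scope`."""
    parsed = parse_version(record)
    return parsed is not None and scope.lower() in parsed[1]


if __name__ == "__main__":
    # First record is the draft's own example; the others are constructed.
    for rec in ("spf2.0/mfrom,pra +mx +ip4:192.168.0.100 -all",
                "spf2.0/pra -all",
                "v=spf1 -all",
                "spf2.0 -all"):
        print(repr(rec), "->", parse_version(rec))
```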
