Frank Ellermann writes:
> Dick St.Peters wrote:
>> As I see it, the SPF draft defines two scopes, an mfrom scope
>> and a helo scope and says to switch to the helo scope if the
>> mfrom is empty.
>
> I wouldn't agree to call this "scope", and when Wayne tried to
> use this term for the Received-SPF we had one of our usual cat
> fights about it (and in that case he lost ;-)

This sub-thread has become about what SenderID calls a scope. Quoting
from draft-lyon-senderid-core-01.txt:

   3.1 Version and Scope

   Under Sender ID, receiving domains may perform a check of either the
   PRA identity or the MAIL-FROM identity. Sending domains therefore
   require a method for declaring whether their published list of
   authorized outbound e-mail servers can be used for the PRA check,
   the MAIL-FROM check or both.

   This section replaces section 4.5 of [SPF] and adds the concept of
   SPF record scopes.

   SPF records begin with a version identifier and may also include a
   scope:

      record    = version terms *SP
      version   = "v=spf1" | ( "spf2." ver-minor scope)
      ver-minor = 1*DIGIT
      scope     = "/" scope-id *( "," scope-id )
      scope-id  = "mfrom" / "pra" / name

   For example, the SPF record:

      spf2.0/mfrom,pra +mx +ip4:192.168.0.100 -all

   defines an SPF record that can be used for either MAIL FROM or PRA
   checks.

   This document only defines the existence of two scopes: "mfrom" and
   "pra". The details of these two scopes are defined in other
   documents: "mfrom" is defined in [SPF], "pra" is defined in [PRA].

I read that as saying the SenderID scope refers to the identity being
checked. Wayne says, in effect, that it refers to the entire process
defined in [SPF], including the switch to a different identity.

Either way, this thread has drifted far away from what is important to
me: that my SPF policies not be applied to my servers' HELO
identities.

This has become operationally less important since the zone cuts were
removed, but I still regard it as ludicrous to think that a single
policy applies to both MAIL-FROM identities and HELO identities. My
servers send mail for hundreds of domains, but the servers themselves
are in a domain never used legitimately in a MAIL-FROM.

--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com
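
The version and scope grammar quoted in the message above from draft-lyon-senderid-core-01, written out as a small parser that selects records by declared scope. This is an added example, not code from the thread or from any SPF or Sender ID implementation; the syntax accepted for `name` is an assumption (the quoted excerpt does not define it), and every sample record except the draft's own example is constructed.

```python
import re

# Grammar quoted from draft-lyon-senderid-core-01, section 3.1:
#   version  = "v=spf1" | ( "spf2." ver-minor scope )
#   scope    = "/" scope-id *( "," scope-id )
#   scope-id = "mfrom" / "pra" / name
# ASSUMPTION: `name` is not defined in the quoted excerpt; this sketch accepts
# a letter followed by letters, digits, ".", "_" or "-".
_NAME = r"[A-Za-z][A-Za-z0-9._-]*"
_VERSION = re.compile(
    rf"^(?:(?P<v1>v=spf1)"
    rf"|spf2\.(?P<minor>[0-9]+)/(?P<scopes>{_NAME}(?:,{_NAME})*))(?= |$)",
    re.IGNORECASE,
)

# First record is the draft's example; the rest are constructed for illustration.
SAMPLE_RECORDS = [
    "spf2.0/mfrom,pra +mx +ip4:192.168.0.100 -all",
    "spf2.0/pra -all",
    "v=spf1 -all",
    "spf2.0 -all",             # invalid: spf2.x requires a scope
    "unrelated TXT record",
]

def parse_version(record):
    """Return (version, scopes, terms); raise ValueError if not a record.

    `scopes` is a tuple of lower-cased scope-ids. It is empty for "v=spf1",
    which carries no scope declaration in the quoted grammar.
    """
    m = _VERSION.match(record)
    if m is None:
        raise ValueError(f"not an SPF/Sender ID record: {record!r}")
    terms = record[m.end():].split()
    if m.group("v1"):
        return "v=spf1", (), terms
    scopes = tuple(dict.fromkeys(s.lower() for s in m.group("scopes").split(",")))
    return f"spf2.{m.group('minor')}", scopes, terms

def records_for_scope(records, scope):
    """Select the records that explicitly declare `scope` ("mfrom", "pra", ...)."""
    selected = []
    for rec in records:
        try:
            _, scopes, _ = parse_version(rec)
        except ValueError:
            continue  # malformed or unrelated TXT record
        if scope.lower() in scopes:
            selected.append(rec)
    return selected
```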