On Sun, Feb 12, 2006 at 11:06:00AM -0500, Scott Kitterman wrote:
Uh... do we want to see different "v=spf1 " versions? One being able
to process a certain modifier, one not?
Certainly. That's the whole point of a modifier. It's to extend SPF
without changing the basic SPF result for non-implementers.
OK. Modifiers are optional. A modifier may appear only once per
directive-set. Unknown modifiers are ignored.
I am afraid that this is going to cause the same record to be processed
different by different receivers. I also never understood "redirect"
so maybe it is just me lacking knowledge... if so, please enlighten me.
What we don't want is to make changes that cause us to ask the entire
installed base to upgrade.
I understand. But what we also do not want is fuzziness.
Suppose redirect would be such a new modifier, not implemented by
each installation but allowed for the "new spf1":
domain1.example TXT "v=spf1 a -all redirect=domain2.example"
domain2.example TXT "v=spf1 mx -all"
domain2.example MX 0 mailhost.domain2.example
receiver 1, not aware of "redirect", will process this record as if
"v=spf1 a -all" was seen. Only host domain1.example may send. All
other hosts result in "-all" -> "FAIL".
receiver 2, understanding "redirect", would not only allow host
domain1.example but would also allow mailhost.domain2.example to
be a sender. The result is "PASS".
In such a situation, I would not be confident to use "redirect" in
my policy, because I cannot rely on this modifier to be understood.
Only if "redirect" is mandatory in the protocol (for instance v=spf3)
then I could rely on it.
Am I missing something?
Alex
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com