On 02/12/2006 21:33, Frank Ellermann wrote:
scan policy again for "interesting" options / modifiers,
and even in the worst ten-nested-include case this scan
finds all relevant info in the cache.
Well, or maybe it's not that simple:
x1.test "v=spf1 modix=1 -include:x2.test redirect=x3.test"
x2.test "v=spf1 modix=2 +ip4:0.0.0.0/1 -all"
x3.test "v=spf1 modix=3 +ip4:128.0.0.0/2 -all"
Result FAIL. Precisely what is the value of modifier modix
in the "scan after check_host()" step ? Is it modix=1, or
modix=2, or modix=3 ?
Are modifiers "hidden" behind include: for the purpose of a
post check_host() scan ? That would eliminate modix=2, but
what about modix=1 vs. modix=3 ?
Maybe we don't need a new SPF version, but have to explain
the messy modifiers in all existing SPF versions. Bye, Frank
At this point I wouldn't claim to have a complete design, more of a
suggestions, and so certainly stuff like this will come up.
Assuming the relevant mail identity for the message in question was from the
domain x1.test, then I'd say modix=1.
Since this is a specific rule for a specific domain. I would say that the
redirect should be followed to get the modifier, but if and only if the basic
record didn't have one. I don't think the rules should allow for following
an include to get the modifier because that would cause modifiers to
potentially be opt-out as a result of includes crossing administrative
boundaries. Redirect is supposed to be within an administrative boundary, so
I think that's OK.
So, I'd say that in your example, modix=1. One could never have modix=2. It
would be modix=3 if you removed modix=1 from the first record. This allows
an administrative unit to set a general policy using redirect, but over-ride
if for a specific domain in that domain's record. This is pretty much,
conceptually, how redirect is intended to work now for mechanisms.
More reasons why we will need to think this through and develop separate
drafts for them. Some information would go in a overview draft (like this
discussion) and then each specific modifier would need a draft too.
Scott K
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com