
Re: [spf-discuss] Re: other modifiers

2006-02-12 22:00:19
On 02/12/2006 21:33, Frank Ellermann wrote:
> scan policy again for "interesting" options / modifiers,
> and even in the worst ten-nested-include case this scan
> finds all relevant info in the cache.
>
> Well, or maybe it's not that simple:
>
> x1.test "v=spf1 modix=1 -include:x2.test redirect=x3.test"
> x2.test "v=spf1 modix=2 +ip4:0.0.0.0/1 -all"
> x3.test "v=spf1 modix=3 +ip4:128.0.0.0/2 -all"
>
> Result FAIL.  Precisely what is the value of modifier modix
> in the "scan after check_host()" step ?  Is it modix=1, or
> modix=2, or modix=3 ?
>
> Are modifiers "hidden" behind include: for the purpose of a
> post check_host() scan ?  That would eliminate modix=2, but
> what about modix=1 vs. modix=3 ?
>
> Maybe we don't need a new SPF version, but have to explain
> the messy modifiers in all existing SPF versions.  Bye, Frank

At this point I wouldn't claim to have a complete design, more of a
suggestion, and so certainly stuff like this will come up.

Assuming the relevant mail identity for the message in question was from the 
domain x1.test, then I'd say modix=1.  

Since this is a specific rule for a specific domain.  I would say that the 
redirect should be followed to get the modifier, but if and only if the basic 
record didn't have one.  I don't think the rules should allow for following 
an include to get the modifier because that would cause modifiers to 
potentially be opt-out as a result of includes crossing administrative 
boundaries.  Redirect is supposed to be within an administrative boundary, so 
I think that's OK.

So, I'd say that in your example, modix=1.  One could never have modix=2.  It 
would be modix=3 if you removed modix=1 from the first record.  This allows 
an administrative unit to set a general policy using redirect, but override
it for a specific domain in that domain's record.  This is pretty much,
conceptually, how redirect is intended to work now for mechanisms.

More reasons why we will need to think this through and develop separate 
drafts for them.  Some information would go in an overview draft (like this
discussion) and then each specific modifier would need a draft too.

Scott K
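
The lookup rule proposed in the message above, run over the three records from the thread, as an added Python example that is not part of the original message or of any SPF implementation. The function names, the first-occurrence-wins choice and the redirect cap are assumptions made for this example.

```python
import re

# Records quoted in the thread. "modix" is the thread's placeholder modifier.
RECORDS = {
    "x1.test": "v=spf1 modix=1 -include:x2.test redirect=x3.test",
    "x2.test": "v=spf1 modix=2 +ip4:0.0.0.0/1 -all",
    "x3.test": "v=spf1 modix=3 +ip4:128.0.0.0/2 -all",
}
MAX_REDIRECTS = 10  # assumed cap so a redirect loop terminates

# A modifier is name=value; mechanisms (include:, ip4:, -all) never match.
MODIFIER = re.compile(r"^([A-Za-z][A-Za-z0-9._-]*)=(.*)$")


def parse_modifiers(record):
    """Return {name: value} for the modifiers of one SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    mods = {}
    for term in terms[1:]:
        m = MODIFIER.match(term)
        if m:
            # Assumption: the first occurrence of a name wins.
            mods.setdefault(m.group(1).lower(), m.group(2))
    return mods


def resolve_modifier(domain, name, records=RECORDS):
    """Return (value, source_domain) for a modifier, or (None, None).

    The domain's own record is checked first; redirect= is followed only
    when that record lacks the modifier. include: targets are never read,
    because they may sit in another administrative unit.
    """
    seen = set()
    while domain in records and domain not in seen and len(seen) <= MAX_REDIRECTS:
        seen.add(domain)
        mods = parse_modifiers(records[domain])
        if name.lower() in mods:
            return mods[name.lower()], domain
        domain = mods.get("redirect")  # None ends the walk
    return None, None


if __name__ == "__main__":
    print(resolve_modifier("x1.test", "modix"))  # own record wins
```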

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/