
[spf-discuss] Fwd: RFC 4408 violates RFC 2821 spec

2006-06-09 18:29:43

From the contact form...

----------  Forwarded Message  ----------
Subject: RFC 4408 violates RFC 2821 spec
Date: Friday, 9. June 2006 22:36
From: "Brian Wright" <bwright(_at_)boomerang(_dot_)com>
To: spf-council(_at_)v2(_dot_)listbox(_dot_)com

Topic: Other
Name: Brian Wright
Organization: boomerang.com

4.3.  Initial Processing

   If the <domain> is malformed (label longer than 63 characters, zero-
   length label not at the end, etc.) or is not a fully qualified domain
   name, or if the DNS lookup returns "domain does not exist" (RCODE 3),
   check_host() immediately returns the result "None".

   If the <sender> has no localpart, substitute the string "postmaster"
   for the localpart.


This section of RFC4408 breaks the spirit of and the rules for RFC2821.
When, per RFC2821 (and based on RFC821), a domain is encountered and an MX is
unable to be looked up, this assumes an implicit MX record (basically
defining it to be a host RR A and not a domain).  Based on this
assumption and because it's a host+domain, SPF should strip the host
portion and do a lookup on the next domain level down to find an SPF
record that may authorize that host to deliver.

This section is problematic and breaks the MTA's RFC2812/821
specifications.  You can't simply assume that all names given in an MFROM
or even a HELO/EHLO are DNS domains.  There are host+domains only out
there.

Worse, your function is called check_host(), not check_domain().  This
implies, by the name of the function, that it will also check for both
hosts and domains.  Not domains only.  You're breaking the SMTP spec with
this section.

--
Message was sent via the SPF website contact form
<http://new.openspf.org/Contact>

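
The section 4.3 initial processing quoted in the message above, as an added Python example (not part of the forwarded message and not code from any SPF implementation). The injected lookup_rcode resolver, the constructed zone data, the function names, and reading "fully qualified" as "at least two labels" are assumptions.

```python
# Added example: RFC 4408 section 4.3 initial processing of check_host().
# The resolver is injected so the block runs offline on constructed data.

NXDOMAIN = 3            # DNS RCODE 3, "domain does not exist"
RESULT_NONE = "None"    # SPF result named in section 4.3
CONTINUE = "continue"   # hypothetical marker: go on to record lookup

def domain_is_wellformed(domain):
    """Syntactic checks listed in 4.3: label length, empty labels, FQDN."""
    labels = domain.split(".")
    if labels[-1] == "":            # one trailing dot (root label) is allowed
        labels = labels[:-1]
    if len(labels) < 2:             # assumption: FQDN means at least two labels
        return False
    # An empty label anywhere else, or a label over 63 octets, is malformed.
    return all(1 <= len(label) <= 63 for label in labels)

def split_sender(sender):
    """Return (localpart, domain), substituting 'postmaster' if no localpart."""
    local, _, dom = sender.rpartition("@")
    return (local or "postmaster"), dom

def initial_processing(sender, domain, lookup_rcode):
    """Return (RESULT_NONE, sender) if 4.3 ends evaluation,
    otherwise (CONTINUE, sender with localpart filled in)."""
    if not domain_is_wellformed(domain):
        return RESULT_NONE, sender
    # Only <domain> itself is queried; no parent name is tried here.
    if lookup_rcode(domain) == NXDOMAIN:
        return RESULT_NONE, sender
    local, sender_domain = split_sender(sender)
    return CONTINUE, f"{local}@{sender_domain}"

# Constructed sample zone: name -> RCODE (0 = name exists).
CONSTRUCTED_ZONE = {"example.com": 0, "mail.example.com": 0}

def constructed_lookup(name):
    """Offline stand-in for a DNS query; unknown names yield NXDOMAIN."""
    return CONSTRUCTED_ZONE.get(name.rstrip(".").lower(), NXDOMAIN)

if __name__ == "__main__":
    for sender, domain in [("user@example.com", "example.com"),
                           ("mail.example.com", "mail.example.com"),
                           ("user@a..example.com", "a..example.com"),
                           ("user@nosuch.example.com", "nosuch.example.com")]:
        print(sender, "->", initial_processing(sender, domain, constructed_lookup))
```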
