-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- From the contact form...
- ---------- Forwarded Message ----------
Subject: RFC 4408 violates RFC 2821 spec
Date: Friday, 9. June 2006 22:36
From: "Brian Wright" <bwright(_at_)boomerang(_dot_)com>
To: spf-council(_at_)v2(_dot_)listbox(_dot_)com
Topic: Other
Name: Brian Wright
Organization: boomerang.com

4.3. Initial Processing

   If the <domain> is malformed (label longer than 63 characters, zero-
   length label not at the end, etc.) or is not a fully qualified domain
   name, or if the DNS lookup returns "domain does not exist" (RCODE 3),
   check_host() immediately returns the result "None".

   If the <sender> has no localpart, substitute the string "postmaster"
   for the localpart.

This section of RFC4408 breaks the spirit of and the rules for RFC2821.
When, per RFC2821 (and based on RFC821), a domain is encountered and an MX is
unable to be looked up, this assumes an implicit MX record (basically
defining it to be a host RR A and not a domain). Based on this
assumption and because it's a host+domain, SPF should strip the host
portion and do a lookup on the next domain level down to find an SPF
record that may authorize that host to deliver.
This section is problematic and breaks the MTA's RFC2812/821
specifications. You can't simply assume that all names given in an MFROM
or even a HELO/EHLO are DNS domains. There are host+domains only out
there.
Worse, your function is called check_host(), not check_domain(). This
implies, by the name of the function, that it will also check for both
hosts and domains. Not domains only. You're breaking the SMTP spec with
this section.
- --
Message was sent via the SPF website contact form
<http://new.openspf.org/Contact>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEiiBSwL7PKlBZWjsRAjw/AJ47lC6vOrAZ202lJgW3lICB9egQbQCbB2lB
sgaUZV6XRGEDq2KfVfJi1Mk=
=1qkY
-----END PGP SIGNATURE-----
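
The initial-processing rules of RFC 4408 section 4.3, as quoted in the message above, written out as an added example (not part of the original post and not code from the SPF project). The rcode_for callable, the sample zone, and the two-label test for "fully qualified" are assumptions made so the check runs offline.

```python
NXDOMAIN = 3  # DNS RCODE 3, "domain does not exist"

# Constructed sample zone: names that exist answer RCODE 0, all others NXDOMAIN.
SAMPLE_RCODES = {"example.com": 0, "mail.example.com": 0}


def sample_rcode_for(domain):
    """Hypothetical stand-in for a DNS query; returns the RCODE for a name."""
    return SAMPLE_RCODES.get(domain.rstrip(".").lower(), NXDOMAIN)


def is_well_formed_fqdn(domain):
    """Syntax checks named in the quoted text."""
    # A single trailing dot (the empty root label) is the one allowed empty label.
    name = domain[:-1] if domain.endswith(".") else domain
    labels = name.split(".")
    if len(labels) < 2:  # assumption: a single label is not fully qualified
        return False
    # Any other zero-length label, or a label over 63 characters, is malformed.
    return all(0 < len(label) <= 63 for label in labels)


def initial_processing(domain, sender, rcode_for=sample_rcode_for):
    """Return ("None", sender) to stop, or (None, sender) to continue evaluation.

    Only <domain> itself is validated and looked up; the quoted text defines
    no fallback to a parent domain when the name does not exist.
    """
    if not is_well_formed_fqdn(domain) or rcode_for(domain) == NXDOMAIN:
        return "None", sender
    # rpartition yields an empty localpart for "@example.com" and for a bare
    # name such as a HELO identity; both get "postmaster" substituted.
    localpart, _, host = sender.rpartition("@")
    if not localpart:
        sender = "postmaster@" + host
    return None, sender


if __name__ == "__main__":
    for dom, snd in [("example.com", "example.com"),
                     ("mail.example.com", "user@mail.example.com"),
                     ("nohost.example.com", "user@nohost.example.com"),
                     ("a..example.com", "user@a..example.com"),
                     ("localhost", "user@localhost")]:
        print(dom, "->", initial_processing(dom, snd))
```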