
Re: [spf-discuss] Fwd: RFC 4408 violates RFC 2821 spec

2006-06-09 18:40:17
In <200606100128(_dot_)51003(_dot_)julian(_at_)mehnle(_dot_)net> Julian Mehnle 
<julian(_at_)mehnle(_dot_)net> writes:

From the contact form...

----------  Forwarded Message  ----------
Subject: RFC 4408 violates RFC 2821 spec
Date: Friday, 9. June 2006 22:36
From: "Brian Wright" <bwright(_at_)boomerang(_dot_)com>
To: spf-council(_at_)v2(_dot_)listbox(_dot_)com

[snip]

This section of RFC4408 breaks the spirit of and the rules for RFC2821. 
When, RFC2821 (and based on RFC821) a domain is encountered and an MX is
unable to be looked up, this assumes an implicit MX record (basically
defining it to be a host RR A and not a domain).  Based on this
assumption and because it's a host+domain, SPF should strip the host
portion and do a lookup on the next domain level down to find an SPF
record that may authorize that host to deliver.


For what it is worth, Brian sent Meng and me a slightly more detailed
email, but basically along the same lines.

It *appears* that Brian is under the misunderstanding that if you have
something like "foo.example.com", that "foo" is the "hostname", while
"example.com" is the "domainname".  As a result, it appears to Brian
that we are defining check_host() to be passed a domainname (via the
text description), which would just be "example.com", but the
check_host() name implies it should just be passed "foo".

Brian appears to think that a hostname can only have an A record, they
can't have both A records and the TXT record needed for SPF.  It
appears that he thinks that the only place that you can have stuff
other than A records is at the top of the zone, where you have SOA, NS
and MX records.  Therefore, he thinks that SPF implementations should
be checking "example.com" for the SPF records rather than
"foo.example.com", since the latter is a hostname rather than the
domainname.  Moreover, if SPF implementations are indeed checking
what he calls the "hostname" of "foo.example.com", that would mean
that for each host, he would have to make a delegation so that both
TXT and A records could occur together (along with the SOA and NS
records and such).

Mind you, I could easily be confusing what Brian is saying, so take my
interpretations with a grain of salt.

I've been corresponding with Brian and trying to clear things up.  I
don't think I've succeeded yet.  *sigh*


-wayne
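
The following is an added example, not part of the original message or of any SPF implementation. It uses a constructed zone for example.com to show that a single owner name such as foo.example.com can carry both A and TXT records without a delegation, and that RFC 4408 record selection queries TXT at the exact name given to check_host() with no fallback to the parent domain. The zone contents, the function names and the "found" label are assumptions made for illustration.

```python
# Constructed zone data (illustrative only). One quoted string per TXT
# record is assumed to keep the parser short.
ZONE = """\
example.com.      SOA  ns1.example.com. hostmaster.example.com. 1 3600 600 86400 300
example.com.      NS   ns1.example.com.
example.com.      MX   10 foo.example.com.
example.com.      TXT  "v=spf1 mx -all"
foo.example.com.  A    192.0.2.10
foo.example.com.  TXT  "v=spf1 a -all"
bar.example.com.  A    192.0.2.20
"""

def load_zone(text):
    """Map (owner, rrtype) -> list of rdata strings."""
    rrsets = {}
    for line in text.splitlines():
        owner, rrtype, rdata = line.split(None, 2)
        rrsets.setdefault((owner.lower(), rrtype), []).append(rdata.strip())
    return rrsets

def rrtypes_at(rrsets, domain):
    """Record types present at one owner name inside the same zone."""
    owner = domain.lower().rstrip(".") + "."
    return {rrtype for (name, rrtype) in rrsets if name == owner}

def lookup_spf(rrsets, domain):
    """Record selection as RFC 4408 describes it: TXT at <domain> itself.

    No label is stripped and the parent domain is never consulted.
    Returns (result, record); "found" is a hypothetical label meaning
    exactly one v=spf1 record was selected.
    """
    owner = domain.lower().rstrip(".") + "."
    records = []
    for rdata in rrsets.get((owner, "TXT"), []):
        txt = rdata.strip('"')
        # The version term must be exactly "v=spf1", then a space or the end.
        if txt == "v=spf1" or txt.startswith("v=spf1 "):
            records.append(txt)
    if not records:
        return ("none", None)        # no policy published at this name
    if len(records) > 1:
        return ("permerror", None)   # more than one record is an error
    return ("found", records[0])

if __name__ == "__main__":
    zone = load_zone(ZONE)
    for name in ("foo.example.com", "bar.example.com", "example.com"):
        print(name, sorted(rrtypes_at(zone, name)), lookup_spf(zone, name))
```

bar.example.com yields "none" even though example.com publishes a record, because the lookup never walks up the tree.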
