Craig Whitmore wrote:
test16.spam.co.nz v=spf1 ip4:0.0.0.0/0 -all
test17.spam.co.nz v=spf1 ip4:0.0.0.0 -all
What should be the "correct" result with these testing with
ip address 1.1.1.1 ?
PASS (1.1.1.1 belongs to /0) and FAIL (1.1.1.1 isn't 0.0.0.0).
something like 1.1.1.1/0 should be invalid.
It's valid. Of course all these /0 cases are pathological.
If you take a realistic case like /24 there are two ways how
you could handle this: allow 1.1.1.1/24 because it's the
same as 1.1.1.0/24, or say it's invalid, the publisher could
use 1.1.1.0/24
The spec. used the common practice of allowing it, because
publishers of SPF policies might not exactly know how that
works. They could know that the relevant MTA IP is 1.1.1.1,
and that it belongs to a /24. But they might not know how
to compute 1.1.1.0/24 from 1.1.1.1/24.
Unlike you, you know precisely what 1.1.1.1/24 means. For
anything that's not /16 or /24 I'd have start a calculator
to get it right (maybe).
On the other hand getting 1.1.1.1/29 "the /29 of IP 1.1.1.1"
wrong is hard, just support this notation and you're done.
Frank
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com