spf-discuss

RE: [spf-discuss] Re: [spf-devel] Re: Another test case for the test suite...

2007-01-09 22:44:22
} -----Original Message-----
} From: Guy Watkins [mailto:guy(_at_)watkins-home(_dot_)com]
} Sent: Wednesday, January 10, 2007 12:28 AM
} To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
} Subject: RE: [spf-discuss] Re: [spf-devel] Re: Another test case for the
} test suite...
} 
} } -----Original Message-----
} } From: Alex van den Bogaerdt [mailto:alex(_at_)ergens(_dot_)op(_dot_)het(_dot_)net]
} } Sent: Tuesday, January 09, 2007 11:50 PM
} } To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
} } Subject: Re: [spf-discuss] Re: [spf-devel] Re: Another test case for the
} } test suite...
} }
} } On Tue, Jan 09, 2007 at 11:25:27PM -0500, Scott Kitterman wrote:
} }
} } > The reason the spec says to use the non-error response if you get an
} } > error for one RR type and a non-error for the other RR type is that some
} } > DNS servers will never answer for unknown RR Types.  So these DNS servers
} } > will always return a timeout (which is an error) for type SPF.
} }
} } Scott,
} }
} } Are you saying here you can point to RFC4408 and justify returning
} } "None" in the discussed case where looking for SPF does not return
} } an error, and looking for TXT does?
} }
} }
} } I can understand your justification when SPF times out and TXT does not,
} } but we're discussing the opposite?
} 
} The order should not matter.  RFC4408 does not favor SPF or TXT records.
} At least as I read it.
} 
} From 3.1.1:
} An SPF-compliant domain name SHOULD have SPF records of both RR
}    types.  A compliant domain name MUST have a record of at least one
}    type.  If a domain has records of both types, they MUST have
}    identical content.
} 
} 4.4.  Record Lookup
} 
}    In accordance with how the records are published (see Section 3.1
}    above), a DNS query needs to be made for the <domain> name, querying
}    for either RR type TXT, SPF, or both.  If both SPF and TXT RRs are
}    looked up, the queries MAY be done in parallel.
} 
}    If all DNS lookups that are made return a server failure (RCODE 2),
}    or other error (RCODE other than 0 or 3), or time out, then
}    check_host() exits immediately with the result "TempError".

More thoughts on this:

You are not required to look up both TXT and SPF type records.  So it would
seem to me you could use the results of the SPF or TXT type as if you only
tried to read one of them.  RFC4408 does not cover the case where one times
out and the other returns NONE.  In fact it does not cover when one times
out and the other returns good data.  Maybe I missed it.

Personally, I would have preferred that an SPF-compliant domain name MUST
have a TXT record and SHOULD have an SPF record.  And when looking up you
must read TXT if SPF fails or returns NONE.  The way RFC4408 reads I could
publish a TXT type and you could look up only an SPF type, and we both would
be doing it correctly!  Seems wrong.

Guy

} 
} Guy
} 
} }
} } TIA
} } Alex
} }
} } -------
} } Sender Policy Framework: http://www.openspf.org/
} } Archives at http://archives.listbox.com/spf-discuss/current/
} } To unsubscribe, change your address, or temporarily deactivate your
} } subscription,
} } please go to http://v2.listbox.com/member/?list_id=735
} 

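
The record-lookup rule quoted from RFC 4408 section 4.4 above, as an added example that is not part of any message in this thread and is not code from an SPF implementation. It follows the literal reading of the quoted text (TempError only when every lookup that was made errored) and flags the partial-error case the thread argues about; the `Lookup` type, the result labels and the sample outcomes are assumptions made for illustration.

```python
# Added illustration; names and the outcome encoding are assumptions.
from typing import NamedTuple, Optional

class Lookup(NamedTuple):
    """Outcome of one DNS query; rcode None means the query timed out."""
    rcode: Optional[int]
    records: tuple = ()

def is_error(lk):
    # Quoted 4.4 text: RCODE 2, any RCODE other than 0 or 3, or a timeout.
    return lk.rcode is None or lk.rcode not in (0, 3)

def record_lookup(made):
    """made: dict of RR type -> Lookup, for the queries actually issued.

    Returns (result, records, partial). result is "TempError", "None" or
    "Found"; partial is True when some but not all lookups errored, which
    is the case the thread says the quoted text does not settle.
    """
    if not made:
        raise ValueError("at least one of TXT or SPF must be queried")
    errored = [t for t, lk in made.items() if is_error(lk)]
    if len(errored) == len(made):
        return "TempError", (), False
    partial = bool(errored)
    # Simplified version filter (assumption): keep only v=spf1 records.
    records = tuple(r for t, lk in made.items() if t not in errored
                    for r in lk.records
                    if r == "v=spf1" or r.startswith("v=spf1 "))
    return ("Found" if records else "None"), records, partial

# Constructed sample outcomes for the cases raised in the thread.
POLICY = ("v=spf1 mx -all",)
CASES = {
    "SPF times out, TXT answers": {"SPF": Lookup(None), "TXT": Lookup(0, POLICY)},
    "SPF empty, TXT times out": {"SPF": Lookup(0), "TXT": Lookup(None)},
    "both time out": {"SPF": Lookup(None), "TXT": Lookup(None)},
    "TXT published, only SPF queried": {"SPF": Lookup(0)},
}

if __name__ == "__main__":
    for name, made in CASES.items():
        print(f"{name}: {record_lookup(made)}")
```

A receiver that logs the `partial` flag can tell a "None" produced while one lookup was failing apart from a "None" where every query answered cleanly.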
