spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Re: [spf-devel] Re: Another test case for the test suite...

2007-01-10 08:21:32
On Wed, Jan 10, 2007 at 12:35:45AM -0500, Scott Kitterman wrote:

Are you saying here you can point to RFC4408 and justify returning
"None" in the discussed case where looking for SPF does not return
an error, and looking for TXT does?

Yes, but as Guy just posted, RFC 4408 doesn't care which way it happens.

Ack.  Thanks Guy and Scott, you've convinced me.  Here's how I'm going to
remember, and explain to others:

Normally a DNS error would result in a "TempError".  However, if both types
of SPF records are published, they must have the same content
(RFC 4408 section 3.1.1).  This means if you query both RR types and only
one DNS lookup succeeds, you should be able to be confident that the other
lookup would have returned the same content.  Only if all lookups return
an error or timeout, we have no information (RFC 4408 section 4.4).


Implementations are not required to look for both DNS RR types. This
could (at least theoretically) mean the following scenarios can occur:

1) only TXT is looked up, and this results in return code 0 or 3.
2) only SPF is looked up, and this results in return code 0 or 3.
3) both RR are looked up, and both return the same content (code 0 or 3).
4) both RR are looked up, and one results in a timeout or error.
5) only TXT is looked up, and this results in a timeout or an error.
6) only SPF is looked up, and this results in a timeout or an error.
7) both RR are looked up, and they deliver different content.

Here, (1) thru (4) result in further processing (perhaps very short
processing, returning "None").

(5) and (6) result in "TempError".  Other clients may query both
records and get a different result (scenario 1..4).

What should be done in scenario (7) ?  Only process the SPF type RR,
not even noticing the different TXT type RR content, pretending we
didn't notice the difference, or return PermError?
There's something to say for all three...

Did I miss a possible scenario?

cheers
Alex

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735