
Re: [spf-discuss] Re: Another test case for the test suite...

2007-01-10 08:29:14
In <200701101452(_dot_)42935(_dot_)julian(_at_)mehnle(_dot_)net> Julian Mehnle 
<julian(_at_)mehnle(_dot_)net> writes:

For illustration, the spec currently requires the following behavior:

|                        |               SPF type                 |
|                        +-------------+-----------+--------------+
|                        | no SPF recs | time-out  | RCODE != 0/3 |
|    -----+--------------+-------------+-----------+--------------+
|         | no SPF recs  |    None     |   None    |     None     |
|         +--------------+-------------+-----------+--------------+
|    TXT  | time-out     |    None     | TempError |  TempError   |
|    type +--------------+-------------+-----------+--------------+
|         | RCODE != 0/3 |    None     | TempError |  TempError   |
|    -----+--------------+-------------+-----------+--------------+

For a future SPFv3, it is likely that it would support the SPF RR type only 
(which would also be a nice incentive for domain owners to have their 
software/equipment upgraded to support it), so there wouldn't be any 
complications.  (However, I wouldn't like to carve that decision into 
stone just yet.)

Sadly, I think you are right, this is what RFC4408 requires *IF* you
choose to go ahead and check both RR types.

While it isn't a huge problem, I think this will give a lot of bogus
"None" results which will cause confusion.

Besides the obvious "don't query type99 records" (at least not by
default), another thing to do would be to not check type99 records
unless you get no valid SPFv1 TXT records.  There is nothing in
RFC4408 that says that an implementation has to always consistently
check both.  It appears to be quite legal and probably much better if
you used the following logic:

query for TXT records
if there aren't any valid SPFv1 records, then query for type99
proceed with record selection as per section 4.5

Yes, this is technically doing record selection twice, but that isn't
ruled out by RFC4408.


Note that you can still do the DNS lookups in parallel:

start DNS query for TXT
start DNS query for type99
wait for results of DNS query for TXT
if there aren't any valid SPFv1 records
then
   wait for results of DNS query for type99
else
   ignore results of DNS query for type99
endif
proceed with record selection as per section 4.5


-wayne
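
The parallel-lookup logic described above, as an added example that is not part of the original message. The resolver callables (`fetch_txt`, `fetch_type99`) and all function names are hypothetical stand-ins so the block runs offline; a failed lookup is modelled as a raised exception, and the handling of failed lookups follows the table quoted at the top of the message.

```python
from concurrent.futures import ThreadPoolExecutor

def valid_spf1(records):
    """Keep only records whose version section is exactly "v=spf1" (RFC 4408 section 4.5)."""
    return [r for r in records
            if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]

def _collect(future):
    """Wait for one lookup; return (valid SPFv1 records, lookup_failed)."""
    try:
        return valid_spf1(future.result()), False
    except Exception:          # time-out or RCODE other than 0/3, as raised by the stub
        return [], True

def _select(records):
    """Record selection: exactly one record is usable, several is a PermError."""
    if len(records) == 1:
        return ("Found", records[0])
    return ("PermError", None) if records else ("None", None)

def lookup_policy(fetch_txt, fetch_type99, domain):
    pool = ThreadPoolExecutor(max_workers=2)
    try:
        txt_f = pool.submit(fetch_txt, domain)        # start DNS query for TXT
        t99_f = pool.submit(fetch_type99, domain)     # start DNS query for type99
        txt, txt_failed = _collect(txt_f)             # wait for TXT only
        if txt:
            return _select(txt)                       # type99 result is ignored
        t99, t99_failed = _collect(t99_f)             # no valid TXT record: wait for type99
        if not t99 and txt_failed and t99_failed:
            return ("TempError", None)                # both lookups failed
        return _select(t99)
    finally:
        pool.shutdown(wait=False)                     # never block on an ignored query
```

With this ordering, a type99 time-out no longer affects the result for a domain that publishes a valid SPFv1 TXT record.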
