spf-discuss
[Top] [All Lists]

RE: [spf-discuss] Re: Another test case for the test suite...

2007-01-11 11:23:15
Frank Ellermann wrote on Wednesday, January 10, 2007 6:32 PM -0600:

If both RRs exist and work, they either both have v=spf1, or they
both don't have it.

That's what they're supposed to have.  What they actually have may be
different.  While the original goal of having all SPF recipients get the
same query result was laudable, recipients are not required to query
both record types,  so that is no longer possible.  With that in mind,
it seems more sensible to treat both queries the same.  That is, if you
query for a record, a DNS timeout or response with RCODE other than 0 or
3 is a temperror.  If you query for both records and either one gives
the above result, that is also a temperror.  If you don't like this
possibility, don't query both record types, which will also avoid a lot
of unnecessary DNS usage.  Since this is an unusual corner case, I think
we should err on the side of protecting the domain name (temperror)
rather than mail delivery (none).  It also makes SPF operation easier to
understand since we complicated it with the new record type.

--
Seth Goodman

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735

<Prev in Thread] Current Thread [Next in Thread>