Frank Ellermann wrote:
> The "+mx" and "+a" could be implied, each policy automatically has it.
> MTAs know how to handle MX queries.

If "+a" was implied, that would majorly break HELO checking.

> And if there's no explicit "mx" mechanism anymore Doug's weirder SPF-DDoS
> scenarios simply vanish.

There are better ways to void DougO's DDoS attack vector, such as limiting
the number of mechanism lookups that are allowed to fail (return an empty
response or NXDOMAIN) to, say, 2.

> The macro stuff is also more baroque than KISS.

From writing Mail::SPF I can tell that implementing the macro stuff was
probably less than 10% of the total effort. (The only thing that was
slight trouble was the %{p} macro.) Macros should generally stay.

> Per-user policies aren't necessary,

I'd agree that they're non-trivial to implement, however once they become
so, they'd be very useful.

> exp= is unnecessary,

No, I think it is a very nice feature. For example, if you have it reveal
a URL, the web page pointed to can be localized. I'd even like it to
become more general and apply to non-Fail results as well.

> and the "exists" mechanism is too general.

I don't get that one. Plus, what Seth said.

> SOFTFAIL could be replaced by op=testing.

To that I agree. I think the op= modifier is a good idea, and the "I'm
still testing stuff" characteristic of SoftFail should be made more
explicit. We have too many "v=spf1 ... ~all" policies out there that will
probably never be changed to "-all" due to a lack of understanding what
SoftFail is supposed to mean.
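
The cap on failed lookups suggested in the message above, sketched as an added example (not code from Mail::SPF or from the original post): a stub resolver counts lookups that return NXDOMAIN or an empty answer, and evaluation stops once more than 2 have occurred. The zone data, the `check` function, the reduced mechanism set (a, mx, ip4, all) and the choice of `permerror` as the result are assumptions of this sketch.

```python
# Constructed zone data standing in for DNS; all names and addresses are made up.
ZONE = {
    ("mail.example.org", "A"): ["192.0.2.10"],
    ("example.org", "MX"): ["mail.example.org"],
}

class VoidLimitExceeded(Exception):
    pass

class Resolver:
    """Stub resolver that counts void answers (NXDOMAIN or empty response)."""
    def __init__(self, zone, max_void=2):
        self.zone, self.max_void, self.void = zone, max_void, 0

    def query(self, name, rtype):
        answers = self.zone.get((name.lower(), rtype), [])
        if not answers:
            self.void += 1
            if self.void > self.max_void:
                raise VoidLimitExceeded(f"{self.void} void lookups")
        return answers

def check(policy, ip, domain, zone=ZONE, max_void=2):
    """Evaluate a/mx/ip4/all only (no macros, include or CIDR); returns (result, voids)."""
    res = Resolver(zone, max_void)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    try:
        for term in policy.split()[1:]:              # skip "v=spf1"
            qual = term[0] if term[0] in results else "+"
            mech, _, arg = term.lstrip("+-~?").partition(":")
            target = arg or domain
            if mech == "all":
                hit = True
            elif mech == "ip4":
                hit = (arg == ip)
            elif mech == "a":
                hit = ip in res.query(target, "A")
            elif mech == "mx":
                hit = any(ip in res.query(mx, "A") for mx in res.query(target, "MX"))
            else:
                return "permerror", res.void         # not handled in this sketch
            if hit:
                return results[qual], res.void
    except VoidLimitExceeded:
        return "permerror", res.void                 # cap reached: stop issuing queries
    return "neutral", res.void
```

With the cap in place, a policy that lists many nonexistent names costs the receiver at most three queries against those names before evaluation ends; a legitimate policy with one or two stale entries still evaluates normally.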