Seth Goodman wrote:
[implicit "+mx +a"]
For that matter, you could imply ip4: as well.
No, IPs don't have SPF policies.
when presented with the SPF record, you don't
know if a name is a host name or domain name
Most domains relevant for SPF are also hosts.
Pure mail domains (with an MX but no IP) are
rare, and for an implicit "+mx +a" strategy
negative results (no IP or no MX) are cached.
this burns up queries from your quota.
Yes, but "v=spf1 +a/24 +mx/24 ?all" used to be
a "best guess policy", it's not too bad: MTAs
trying "call back verification" (CBV) query the
MX (or the IP if there's no MX) anyway.
Explicitly stating whether it is a hostname or
domain name saves DNS queries, so implying
"a" and "MX" may not be a win.
JFTR, an SPF policy for fqdn.example without "+a"
can still be a host fqdn.example, and it can run
a smtpd. And a policy for fqdn.example without
"+mx" doesn't imply that fqdn.example is a host.
That's not directly related.
My definition of "host" is "LDH + IP", does that
match your definition?
Per-user policies aren't necessary,
Agreed, but ... there's no per-user macro, you
get it by combining others.
%l (local part) is needed for "per user policy",
the implementors will have some fun when they'll
try to integrate UTF8SMTP into their programs ;->
But I'm convinced it's possible to get it right,
otherwise I'd whine on the EAI mailing list.
the "exists" mechanism is too general.
-1 unless you can show that making it less
general makes it simpler.
*_IFF_* that's possible at all it should somehow
combine %l and "exists" into what's required for
SES. An "ses" mechanism replacing "exists" (?)
SOFTFAIL could be replaced by op=testing.
While I have always disliked softfail and wouldn't
mind expressing softfail as a mechanism/modifier
rather than a result, I have always found op= to
be arcane.
op= is for anything "yes/no" "0/1" "true/false", the
least verbose way to arrange such "properties" like
"testing". Of course "options=" or "flags=" or a
similar name introducing such lists would be more
obvious, but also longer. The op= is a shorthand
for optional.properties=. I don't see an advantage
for "testing=true helo=never" in comparison with a
combined list "op=testing.nohelo". op= is shorter,
admittedly it's not nicer.
Let's not create another PERL.
It's about the UDP limit, not about inventing crude
abbreviations. Would you really insist on 5 bytes
more as in "options=" ? That could be the 5 bytes
needed for " -all" at the end.
Julian's last 2*2 table was fine, it favours backwards
compatibility wrt error conditions. In essence it
says "use the TXT result for TempError if you query
both SPF and TXT".
+1 from me, but does it conflict with 4408?
I don't think so. IMHO it's an implementation detail,
and Julian's table was the solution passing our giggle
tests here.
Frank
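
An added example, not part of the message above: a static count of the terms in an SPF record that cost DNS queries against the RFC 4408 section 10.1 limit of 10, showing what an implicit "+mx +a" would add. The sample records are constructed, and `with_implicit_mx_a` is a hypothetical helper that assumes the implied terms would be evaluated before the explicit ones.

```python
import re

# Terms that cost a DNS query and count toward the RFC 4408 section 10.1
# limit of 10 per check; ip4, ip6 and all cost nothing.
LOOKUP_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}
MAX_LOOKUPS = 10
TERM_RE = re.compile(r"^([+\-~?]?)([A-Za-z][A-Za-z0-9_.-]*)([:/=].*)?$")

def parse_terms(record):
    """Split an SPF record into (kind, qualifier, name, argument) tuples."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not a v=spf1 record")
    terms = []
    for raw in parts[1:]:
        m = TERM_RE.match(raw)
        if m is None:
            raise ValueError("malformed term: %r" % raw)
        qualifier, name, arg = m.group(1) or "+", m.group(2).lower(), m.group(3) or ""
        kind = "modifier" if arg.startswith("=") else "mechanism"
        terms.append((kind, qualifier, name, arg))
    return terms

def count_lookups(record):
    """Worst-case DNS-querying terms in this record alone (terms inside
    included or redirected records are not fetched here)."""
    count, redirect, saw_all = 0, False, False
    for kind, _qualifier, name, _arg in parse_terms(record):
        if kind == "modifier":
            redirect = redirect or name == "redirect"
        elif name == "all":
            saw_all = True
            break  # mechanisms after "all" are never tested
        elif name in LOOKUP_MECHANISMS:
            count += 1
    # redirect= is only followed when the record has no "all" mechanism
    return count + (1 if redirect and not saw_all else 0)

def with_implicit_mx_a(record):
    """Hypothetical: model an implied "+mx +a" as two leading explicit terms."""
    return " ".join(["v=spf1 +mx +a"] + record.split(None, 1)[1:])

if __name__ == "__main__":
    # Constructed sample records, not taken from any real domain.
    nine = "v=spf1 " + " ".join("include:s%d.example" % i for i in range(9)) + " -all"
    for rec in ("v=spf1 ip4:192.0.2.0/24 -all", "v=spf1 +a/24 +mx/24 ?all", nine):
        explicit, implied = count_lookups(rec), count_lookups(with_implicit_mx_a(rec))
        print(explicit, implied, "over limit" if implied > MAX_LOOKUPS else "ok")
```
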
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/