On Sun, Jan 14, 2007 at 09:26:59PM -0600, Seth Goodman wrote:
If I understand you correctly, you are suggesting that implicit "a"
means to imply "+a" for every SPF record. If so, it would then be
hard to say that a domain sends no mail since the implied "+a" in
Just like with the implicit MX, there is often no host that has the
identical name as the domain _and_ is authorized to send mail.
You forgot the part where I said: "... for HELO ...":
This assumes the hostname of the outbound relay is identical to the
domain name
No, it isn't. You keep involving MAIL FROM. Don't, as this is not
what I have in mind.
At least we agree that defaults are bad.
ONLY for HELO <<<<---- (that excludes MAIL FROM !), I could live with
an implicit "+a" in a record, or maybe even an implicit "v=spf1 a ?all"
record if there isn't an explicit record.
No, I am not discussing "best guess" here either, should you think so.
We were discussing a future change to the protocol, right?
ONLY for HELO it would make sense to have "+a", as the name used in HELO
should be the FQDN of the host. It does not make sense to deny a host
the right to use its own name for HELO <--- (not talking about MAIL FROM!).
By the way, the following is not yet mentioned: there is a benefit when
we'd have that implicit "a" for HELO in future records. Consider:
mail01.example.com. A 192.0.2.1
mail01.example.com. TXT "v=spf1 a -all"
This will not just authorize saying "HELO mail01.example.com", it will
also authorize "MAIL FROM: <user@mail01.example.com>". While this is
not a big problem, an implicit "a" would enable the following:
mail01.example.com. A 192.0.2.1
mail01.example.com. TXT "v=spf1 -all"
thereby not authorizing any server to say "MAIL FROM:
<user@mail01.example.com>" but still authorizing this host to say
"HELO mail01.example.com".
Organizations interpreting RFCs differently, not using a host's name in
HELO but rather a generic string such as hotmail.com, will still be able
to authorize various hosts in an SPF record, just as they are right now.
Alex
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
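The proposal in the message above, worked through as an added example (not part of the original message, and not how SPF as specified behaves): a minimal evaluator for the "a", "ip4" and "all" mechanisms that applies the implicit "+a" to the HELO identity only. The hostnames mail02 and mail03, the `evaluate` function and the choice to check the implicit term before the record's own terms are assumptions made for illustration.

```python
import ipaddress

# Constructed zone data; the mail01 records are the second pair from the message.
ZONE = {
    "mail01.example.com": {"A": ["192.0.2.1"], "TXT": "v=spf1 -all"},
    "mail02.example.com": {"A": ["192.0.2.2"], "TXT": "v=spf1 a -all"},
    "mail03.example.com": {"A": ["192.0.2.3"], "TXT": None},  # no SPF record
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate(domain, ip, scope, implicit_helo_a=False):
    """Evaluate a minimal SPF subset (a, ip4, all) for one identity.

    scope is "helo" or "mfrom". With implicit_helo_a=True the proposal is
    applied: for HELO only, "+a" is assumed in the record, and a missing
    record is treated as "v=spf1 a ?all". MAIL FROM is never affected.
    """
    entry = ZONE.get(domain, {"A": [], "TXT": None})
    record = entry["TXT"]
    proposal = implicit_helo_a and scope == "helo"
    if record is None:
        if not proposal:
            return "none"
        record = "v=spf1 a ?all"
    terms = record.split()[1:]  # drop the "v=spf1" version tag
    if proposal:
        terms = ["+a"] + terms  # assumption: the implicit term is checked first
    addr = ipaddress.ip_address(ip)
    for term in terms:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            matched = True
        elif mech == "a":
            matched = any(addr == ipaddress.ip_address(a) for a in entry["A"])
        elif mech.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(mech[4:], strict=False)
        else:
            raise ValueError(f"unsupported mechanism: {mech}")
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched
```

With the flag off, "v=spf1 -all" on mail01 also rejects the host's own HELO; with it on, HELO passes while MAIL FROM for the same name still fails.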