
Re: [spf-discuss] Implicit A (was: Implicit MX)

2007-01-14 21:17:01
On Sun, Jan 14, 2007 at 09:26:59PM -0600, Seth Goodman wrote:

If I understand you correctly, you are suggesting that implicit "a"
means to imply "+a" for every SPF record.  If so, it would then be
hard to say that a domain sends no mail since the implied "+a" in

Just like with the implicit MX, there is often no host that has the
identical name as the domain _and_ is authorized to send mail.


you forgot the part where I said: "... for HELO ...":

This assumes the hostname of the outbound relay is identical to the
domain name

No, it isn't.  You keep involving MAIL FROM.  Don't, as this is not
what I have in mind.

At least we agree that defaults are bad.

ONLY for HELO <<<<---- (that excludes MAIL FROM !), I could live with
an implicit "+a" in a record, or maybe even an implicit "v=spf1 a ?all"
record if there isn't an explicit record.  
No, I am not discussing "best guess" here either, should you think so.
We were discussing a future change to the protocol, right?

ONLY for HELO it would make sense to have "+a", as the name used in HELO
should be the FQDN of the host.  It does not make sense to deny a host
the right to use its own name for HELO <--- (not talking about MAIL FROM!).

By the way, the following is not yet mentioned:  there is a benefit when
we'd have that implicit "a" for HELO in future records.  Consider:

mail01.example.com. A    192.0.2.1
mail01.example.com. TXT  "v=spf1 a -all"

This will not just authorize saying "HELO mail01.example.com", it will
also authorize "MAIL FROM: <user@mail01.example.com>".  While this is
not a big problem, an implicit "a" would enable the following:

mail01.example.com. A    192.0.2.1
mail01.example.com. TXT  "v=spf1 -all"

thereby not authorizing any server to say "MAIL FROM:
<user@mail01.example.com>" but still authorizing this host to say
"HELO mail01.example.com".


Organizations interpreting RFCs differently, not using a host's name in
HELO but rather a generic string such as hotmail.com, will still be able
to authorize various hosts in an SPF record, just as they are right now.

Alex
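
The proposal in the message above, worked through as an added example (not part of the original post and not code from any SPF implementation): a toy evaluator that handles only the "a" and "all" mechanisms, with a hypothetical implicit_helo_a switch modelling the suggested implicit "+a" for the HELO identity. The zone data is constructed from the two record sets in the message; check_host's signature and the results helper are assumptions made for this sketch.

```python
# Added illustration: a toy SPF evaluator limited to the "a" and "all"
# mechanisms. implicit_helo_a is a hypothetical switch modelling the proposal
# in the message; it is not part of the published SPF specification.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, zone, identity, implicit_helo_a=False):
    """Evaluate `ip` against the SPF record of `domain`.

    zone: {name: {"A": [addresses], "TXT": "v=spf1 ..."}} (constructed data)
    identity: "helo" or "mailfrom"
    """
    entry = zone.get(domain, {})
    addresses = entry.get("A", [])
    record = entry.get("TXT")
    helo_default = implicit_helo_a and identity == "helo"
    if record is None:
        if not helo_default:
            return "none"
        record = "v=spf1 ?all"  # with the implied "+a" below: "v=spf1 a ?all"
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    terms = terms[1:]
    if helo_default:
        terms.insert(0, "+a")  # proposal: HELO only, never MAIL FROM
    for term in terms:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all" or (mech == "a" and ip in addresses):
            return QUALIFIERS[qualifier]
        # Any other mechanism or modifier is skipped in this sketch.
    return "neutral"

HOST = "mail01.example.com"
# Constructed zones mirroring the two record sets in the message.
EXPLICIT_A = {HOST: {"A": ["192.0.2.1"], "TXT": "v=spf1 a -all"}}
BARE_FAIL = {HOST: {"A": ["192.0.2.1"], "TXT": "v=spf1 -all"}}

def results(zone, implicit_helo_a, ip="192.0.2.1"):
    """Return (HELO result, MAIL FROM result) for `ip` using HOST's name."""
    return tuple(check_host(ip, HOST, zone, identity, implicit_helo_a)
                 for identity in ("helo", "mailfrom"))

if __name__ == "__main__":
    print("explicit a, current rules: ", results(EXPLICIT_A, False))
    print("bare -all, current rules:  ", results(BARE_FAIL, False))
    print("bare -all, implicit HELO a:", results(BARE_FAIL, True))
```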
