spf-discuss
[Top] [All Lists]

RE: [spf-discuss] Re: Using SPF op=helo for HELO Authorization

2007-01-30 11:36:03
Alex van den Bogaerdt wrote on Tuesday, January 30, 2007 11:24 AM -0600:

On Tue, Jan 30, 2007 at 06:02:31PM +0100, Frank Ellermann wrote:

outbound2     CNAME inbound2.example.com.
              MX    5 inbound1.example.com.
              MX    9 inbound2.example.com.

[snip]

Apparently there are some RRs of the same CLASS (IN) associated
with "outbound2" in the example above, or did I miss a clue ?

You're right, although I read and processed the example as if
"MX 5 inbound1.example.com." was written
"@ MX 5 inbound1.example.com."

Alex read it as intended, even though it was my own personal shorthand.
Frank is right that as written, it specifies something completely
different and in fact becomes illegal.  This is a public list and I
should not rely on others guessing my intentions.


Frank Ellermann wrote on Tuesday, January 30, 2007 11:03 AM -0600:

And Seth mentioned to "extract the domain from the HELO FQDN",
if that describes anything else but "take the FQDN as is" it's
wrong wrt HELO checks by SPF.

Frank is right on this as well.  The description of HELO processing I
gave is not even close for current SPF.  The intention of RFC4408 for
HELO processing is to pass check_host() the HELO name as both domain and
sender, not try to perform a zone cut as I wrote.  That shortcut for
HELO processing was removed a long time ago, and parsers compliant with
RFC4408 do not operate that way.


I'll try to get a corrected version of that example up shortly.  Sorry
for any confusion this caused.

--
Seth Goodman


-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735