[spf-discuss] Re: TENBOX/E as an AUTH type

2007-04-06 17:52:52
william(at)elan.net wrote:

> Again, it sounds like we need serious discussion of scoping as part of
> discussions of SPV v3. Creating new v= for each such record when they
> are similar is just waste of resources.

Different version tags for completely different purposes like v=spf1
or spf2.0/pra are in theory fine.  It's bogus to add redundant version
tags like "spf2.0/mfrom", "spf2.0/mfrom,pra", and "spf2.0/pra,mfrom"
when nobody is inclined to publish (or look at) anything "mfrom" in the
first place, old MARID cruft we might need to clean up.

A few abuses of v=spf1 for PRA are plausible, routes permitted for the
MAIL FROM are for all practical purposes also okay for a PRA.  Routes
FAILing for PRA would be at least suspicious for MAIL FROM - that case
could be relevant for somebody abusing spf2.0/pra for MAIL FROM.  It's
a theoretical case, but IMO still interesting for explanations why PRA
was a bad idea.

Otherwise version tags can be used for different purposes, the receiver
gets the complete SPF RR set with one DNS query, and can then pick the
record(s) it needs.  The available space for the complete record set is
limited by UDP, that's a known problem.

"spf2.0/mfrom,pra only=pra ip4: only=mfrom ip4: -all"
"spf2.0/pra ip4: -all"
                             "spf2.0/mfrom ip4: -all"

Different records can be shorter than convoluted "scoping" ideas.  My
example wasn't fair, but actually different tags can have a different
syntax.  The spf2.0 legacy is an exception re-"inventing" the wheel for
mostly non-technical reasons.
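
Added example, not part of the original post: a sketch of how a receiver could pick the record(s) it needs for one scope out of the complete TXT RR set returned by a single query, keyed on the version tags discussed above. The function names, the `spf1_fallback` switch and the sample records (documentation address ranges) are assumptions made for illustration.

```python
import re

# Version tags: "v=spf1" (RFC 4408) or "spf2.0/<scope>[,<scope>...]" (RFC 4406).
# A tag only counts if it is followed by a space or ends the record.
SPF1_TAG = re.compile(r"v=spf1(?: |$)", re.IGNORECASE)
SPF2_TAG = re.compile(
    r"spf2\.0/([a-z][a-z0-9._-]*(?:,[a-z][a-z0-9._-]*)*)(?: |$)", re.IGNORECASE)

def scopes_of(record):
    """Return the scopes a TXT string declares, or None if it is not SPF."""
    m = SPF2_TAG.match(record)
    if m:
        return {s.lower() for s in m.group(1).split(",")}
    return {"spf1"} if SPF1_TAG.match(record) else None

def select_records(rrset, scope, spf1_fallback=False):
    """Pick the records for "spf1", "mfrom" or "pra" out of one TXT RR set.

    spf1_fallback models RFC 4406 reusing v=spf1 as "spf2.0/mfrom,pra" when
    no spf2.0 record covers the scope; it is off by default.
    """
    hits = [r for r in rrset if scope in (scopes_of(r) or ())]
    if not hits and spf1_fallback and scope in ("mfrom", "pra"):
        hits = [r for r in rrset if scopes_of(r) == {"spf1"}]
    return hits

def outcome(hits):
    """No record: "none". More than one for a scope is ambiguous: "permerror"."""
    return "none" if not hits else "use" if len(hits) == 1 else "permerror"

# Constructed sample RR sets (documentation address ranges, not from the post).
SEPARATE = [
    "v=spf1 ip4:192.0.2.0/24 -all",
    "spf2.0/pra ip4:198.51.100.0/24 -all",
    "v=spf10 ip4:192.0.2.1 -all",            # ignored: tag does not end at a space
    "site-verification=constructed-token",   # ignored: unrelated TXT record
]
OVERLAPPING = SEPARATE + ["spf2.0/mfrom,pra ip4:203.0.113.0/24 -all"]

if __name__ == "__main__":
    for name, rrset in (("separate", SEPARATE), ("overlapping", OVERLAPPING)):
        for scope in ("spf1", "mfrom", "pra"):
            hits = select_records(rrset, scope)
            print(f"{name:12} {scope:6} {outcome(hits):9} {hits}")
```

In the overlapping set the "pra" scope is claimed by two records, so the selection is ambiguous; publishing redundant scope combinations makes that kind of collision easy to create.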

