spf-discuss

[spf-discuss] Re: Revising SPF before April 2008

2008-01-07 23:57:45
Julian Mehnle wrote:

I don't quite see yet how the conflict with Sender ID's 
v=spf1/PRA abuse could be resolved.

We specify an IANA registry of SPF tags + modifiers + options
like this:

Record tag         Specification, applicability, (status)
v=spf1             4408
spf2.0/mfrom       4406, same as v=spf1 (DEPRECATED)
spf2.0/mfrom,pra   4406, same as v=spf1 + spf2.0/pra (DEPRECATED) 
spf2.0/pra,mfrom   4406, same as spf2.0/mfrom,pra (DEPRECATED)
spf2.0/pra         4406

Modifier           Specification, applicability, (status)
redirect=          4408, used for v=spf1 and spf2.0/pra
exp=               4408, used for v=spf1 and spf2.0/pra
op=                NNNN, used for v=spf1 and spf2.0/pra

Option             Specification, applicability, (status)
op=pra             (eliminated by what I'm talking about)
op=auth            NNNN, used for v=spf1
op=strict          NNNN, if Scott still wants it for SSP ;-)

This proposal will explain why mixing v=spf1 and spf2.0/pra
cannot work in practice:  A v=spf1 implementation doesn't
necessarily know what spf2.0/mfrom (etc.) is, and vice versa
an spf2.0/pra implementation won't care about obscure op=pra
drafts.

It will also explain that v=spf1 and spf2.0/pra are rather
different, and that spf2.0/pra support is poor because PRA
inherits all v=spf1 issues adding its own PRA issues while
losing the very desirable v=spf1 PASS advantage.  

It will be clear (between the lines) that PRA might turn out
to be hopeless for now, it will also be clear that spf2.0/pra
and v=spf1 are disjunct:  "Updates 4408" and "updates 4406".

As for amendments to RFC 4408, I'm extremely sceptical of
changing any semantics of the spec.  Maybe we can clean the
document up and apply the handful of errata[1] that we have
collected.

And elaborate on the "DDoS" SHOULD in some way, e.g. picking
your proposal in the "rebuttal", and/or add a recommendation
to use at most one mx-mechanism per record, and to be very
paranoid about evaluating more mx-mechanisms per record.

Plus a few other details, quoted strings in local part etc.

 Frank
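
An added example, not part of the original message: a small Python check that maps a record's version tag to the identities given in the proposed registry table above and flags records carrying more than one mx mechanism, per the recommendation in the message. The scope labels, warning strings and sample records are constructed for illustration.

```python
import re

# Version tags from the proposed registry table, mapped to the identities
# they apply to. v=spf1 is labelled "mfrom" here only because the table
# calls spf2.0/mfrom "same as v=spf1" (labels are this example's own).
TAG_SCOPES = {
    "v=spf1": {"mfrom"},
    "spf2.0/mfrom": {"mfrom"},
    "spf2.0/mfrom,pra": {"mfrom", "pra"},
    "spf2.0/pra,mfrom": {"mfrom", "pra"},
    "spf2.0/pra": {"pra"},
}
# Tags the table marks DEPRECATED (a proposal in the message, not a standard).
DEPRECATED = {"spf2.0/mfrom", "spf2.0/mfrom,pra", "spf2.0/pra,mfrom"}

# An mx mechanism: optional qualifier, "mx", then end, ":domain" or "/cidr".
MX_RE = re.compile(r"^[+\-~?]?mx(?=$|[:/])", re.IGNORECASE)


def lint_record(txt):
    """Return (scopes, warnings) for one TXT string; scopes is None when
    the string does not start with a tag from the table."""
    terms = txt.split()
    if not terms:
        return None, ["empty record"]
    tag = terms[0].lower()
    if tag not in TAG_SCOPES:
        # Exact match only: "v=spf10" must not be read as "v=spf1".
        return None, ["unknown version tag"]
    warnings = []
    if tag in DEPRECATED:
        warnings.append("deprecated tag")
    mx_count = sum(1 for term in terms[1:] if MX_RE.match(term))
    if mx_count > 1:
        warnings.append(f"{mx_count} mx mechanisms")
    return set(TAG_SCOPES[tag]), warnings


# Constructed sample records (example.* names are placeholders).
SAMPLES = [
    "v=spf1 mx -all",
    "v=spf1 mx mx:mail.example.net ~mx:example.org/24 -all",
    "spf2.0/mfrom,pra a mx redirect=_spf.example.com",
    "spf2.0/pra ?all",
    "v=spf10 mx mx -all",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(record, "->", lint_record(record))
```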
