On Mon, Mar 31, 2008 at 03:55:58PM +0200, Stephan Seitz wrote:
Hi listmembers,
Recently, I found a few ISPs publishing their SPF records as
IN TXT "\"v=spf1 .... \"" instead of
IN TXT "v=spf1 .... "
Currently our spf lib takes these records as invalid.
My question is, should we silently ignore the double quotes?
How would you act?
This, and similar issues, are always under debate.
See RFC 760, section 3.2, 1st paragraph.
I have to say I do disagree with this. Where does it end?
It is certainly possible that malformed input may seem to be
clear to me (my application) but in reality the sender had
something else in mind. Worse: syntactically correct input
may still not be what was intended.
If someone's record doesn't end in <prefix>"all", should I assume
the intention was "-all", or should I assume "?all" ?
If someone's record ends in "+all", should I assume the intention
was to publish "-all", or should I do as I'm asked to do?
How about v=spf1amx-all; should I assume this was intended to be
a valid policy, published as 4 separate parts, instead of one
part with spaces?
(thus: "v=spf1" "a" "mx" "-all" instead of "v=spf1 a mx -all")
Was "v=spf1mxhost=whatever" intended to be
"v=spf1 mx host=whatever" or "v=spf1 mxhost=whatever" ?
If you're going to ignore those quotes, are you also going to
accept stuff like:
"\"v=spf1 a mx:hostnamewhichISanMX; mx:othernamewhichISanMXbutalsoHASanMX;
-every\""
and pretend it was:
"v=spf1 a a:hostnamewhichisanmx a:othernamewhichISanMXbutalsoHASanMX -all"
or
"v=spf1 a a:hostnamewhichisanmx mx:othernamewhichISanMXbutalsoHASanMX -all"
? Which one?
In my opinion the best way to help people publishing such records is
to reject mail. They will soon find out, and learn their mistakes.
Alex
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/735/=now
RSS Feed: http://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com