On Jan 27, 2011 at 18:55 -0500, Philip Gladstone wrote:
=>In many cases, you can do reporting today with SPF. If you have a stunt DNS,
=>then you can make the receiver do specific lookups and thereby you can track
=>what is going on.
Yup, see section 9.1 of RFC 4408.
=>In particular, this was much of the motivation behind the macro language in
=>SPF.
=>
=>I have a fairly nasty SPF record -- including things like
=>'-exists:%{i}.%{l1r-}.user.%{d}' This allows me to drop any mail that
=>doesn't come from a valid user in my domain. Because of where this comes in my
=>SPF record (after the allows for my normal servers), I get to see what is
=>going on.
=>
=>For example, I see:
=>
=>213.244.228.130.ga6uhifg.user.spf.gladstonefamily.net
=>140.177.205.131.ostmaster.user.spf.gladstonefamily.net
I used a slight variation of the example in RFC 4408 section 9.1 which
has

    exists:_h.%{h}._l.%{l}._o.%{o}._i.%{i}._spf.%{d}

But mine is

    exists:_l.%{l}._o.%{o}._h.%{h}._i.%{i}._spf.%{d}.

I like to be able to read from right to left as the SMTP transaction
took place. _i) IP address connected, _h) it HELO'd as, _o) used domain
name and _l) local-part address

One shortcoming to this is that you see the DNS query coming from the
DNS server that is being used by the receiving MTA and not the receiving
MTA's IP address. This is not really a big deal as I would think that
you are really interested in the sending IP address (%{i}) which is
logged.
=>On 25-Jan-11 10:49 AM, Tim Draegen wrote:
=>> Hi, I posted some feedback on the proposed SPF modifiers on the MARF IETF
=>> list. Here are my relevant-to-SPF comments:
=>>
=>> =======================================
=>> - I'm having a hard time understanding how the SPF "reportopts" will be
=>> used. The publisher of the record adds the policy piece of SPF that leads
=>> to a (fail, softfail, neutral) result, usually by adding something like
=>> "-all" or "~all" to their record.
=>>
=>> EG, using the proposed syntax, I could write "v=spf1 ip4:1.2.3.4
=>> report=email.address reportopts=f ~all". This would specify that I want
=>> reports on all SPF "fails" (distinct from "softfails"). However, my "~all"
=>> means that all my non-authorized email will end up receiving "softfails",
=>> resulting in me receiving zero reports.
=>>
=>> - Lots of real-world SPF records "include:" other records. What if two
=>> report-related extensions appear due to the use of include:?
=>>
=>> - SPF records describe "mechanisms" for identifying authorized servers and
=>> "modifiers". The extensions are "modifiers", but I'm uncertain if these
=>> will break existing SPF code, or if various implementors did the right
=>> thing.
=>>
=>> - "reportsmtp=" is redundant with SPF's existing "exp:" modifier.
=>> =======================================
=>>
=>> Overall I like the idea of adding a feedback mechanism to SPF. I'm keen on
=>> fleshing out exactly what is useful and possible, and then using that
=>> experience to improve SPF. So, add "feedback mechanism" to the
=>> SPF-improvements bucket.
So far using the RFC 4408 section 9.1 example, I have been able to get
the feedback as a sender/postmaster that I need. I admit I have not
read the complete draft, but I am not sure what these additional
modifiers would gain over using the exists: modifier with macros.
--
***********************************************************************
Derek Diget Office of Information Technology
Western Michigan University - Kalamazoo Michigan USA - www.wmich.edu/
***********************************************************************