
Re: [spf-discuss] SPFv3 proposal: rawfail result

2011-02-05 03:41:01
On Fri, 4 Feb 2011, Alessandro Vesely wrote:
> To me, it seems nearly impossible to formally define that difference
> within the definition of the check_host function, in the face of
> forgeries.

Actually, "check_host" doesn't need to worry about it.  It would be
called upon only to *return* "fail" or "rawfail" according to the SPF
records, not to *interpret* them.

Still, I see what you're talking about, but would counter that it is even
harder to write a single reference behavior-set that makes use of the
distinction between "unknown" and "pass", let alone "softfail".

What I'd do is define a second function "is_internal_forward", that
returns a ternary result: True, False, or Unknown.  The definition would
have to be supplied by the local site, but it would have to satisfy the
following requirements.

 * MUST return True in all cases where a backup MX is handing off a
message towards the primary
 * MAY return Unknown in any other case
 * SHOULD NOT return True when the message is not a forward.
 * SHOULD NOT return False when the message is a forward.

(I use SHOULD because today forwarder whitelisting is done in an ad-hoc
way that could be utterly broken by a forwarder changing the IP or
hostname of its handoff mailserver without notice.

If we used MUSTs, then reject-on-ordinary-fail would not be available to
sites that have merely enumerated their incoming non-rewriting forwards,
but only to those confident that there are *none at all*.)

Then the SPF reject vote is decided by the following matrix:

        rawfail  fail     softfail unknown  pass
True    Accept   Accept   Accept   Accept   Accept
Unknown Reject   Accept   Accept   Accept   Accept
False   Reject   Reject   Accept   Accept   Accept

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
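
Added example, not part of the original message or of any SPF implementation: one way a site could supply is_internal_forward and derive the reject vote from the matrix above. The address ranges, the list_complete knob and the function names other than is_internal_forward are assumptions; the SPF result string is taken as already returned by check_host.

```python
import ipaddress
from enum import Enum

class Forward(Enum):          # ternary result of is_internal_forward
    TRUE = "True"
    UNKNOWN = "Unknown"
    FALSE = "False"

# Constructed site configuration (RFC 5737 documentation ranges, not real hosts).
BACKUP_MX = [ipaddress.ip_network("192.0.2.10/32")]
KNOWN_FORWARDERS = [ipaddress.ip_network("198.51.100.0/28")]
SPF_RESULTS = ("rawfail", "fail", "softfail", "unknown", "pass")

def is_internal_forward(client_ip, list_complete=False):
    """Site-supplied test. list_complete (assumed knob) means the site is
    confident the lists above cover every non-rewriting forward it receives."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in BACKUP_MX):
        return Forward.TRUE      # MUST: backup MX handing off towards the primary
    if any(ip in net for net in KNOWN_FORWARDERS):
        return Forward.TRUE
    # An unlisted peer is only "not a forward" if the enumeration is complete;
    # otherwise the honest answer is Unknown (the MAY clause).
    return Forward.FALSE if list_complete else Forward.UNKNOWN

def spf_vote(spf_result, forward):
    """Reject vote from the matrix; spf_result is what check_host returned."""
    if spf_result not in SPF_RESULTS:
        raise ValueError(f"unexpected SPF result: {spf_result!r}")
    if forward is Forward.TRUE:
        return "Accept"          # row True: never reject a known forward
    if spf_result == "rawfail":
        return "Reject"          # rows Unknown and False both reject rawfail
    if spf_result == "fail" and forward is Forward.FALSE:
        return "Reject"          # ordinary fail needs a definite "not a forward"
    return "Accept"              # softfail, unknown, pass

def decide(client_ip, spf_result, list_complete=False):
    return spf_vote(spf_result, is_internal_forward(client_ip, list_complete))

if __name__ == "__main__":
    for fwd in Forward:
        print(f"{fwd.value:8}", *(f"{spf_vote(r, fwd):8}" for r in SPF_RESULTS))
```

A site that has only enumerated its forwarders leaves list_complete off, so an unlisted peer yields Unknown and is rejected on rawfail alone.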

