Michael Deutschmann wrote:
> On Sat, 5 Jan 2008, Julian Mehnle wrote:
> > However I do like the idea of making it more clear that the ~
> > qualifier is supposed to be a testing tool, not a permanent band-aid
> > for SPF's alleged "forwarding problem" as many domain owners seem to
> > think.
>
> My understanding is that it is neither a forwarding band-aid nor a
> testing tool. It's a band-aid for a different problem -- that of users
> who roam to other ISPs (perhaps using a laptop), and send their mail
> either direct-to-MX or via a different ISP's smarthost.

No, that's what the ? qualifier is for. ~ was meant as a tool for testing
during roll-out. Unfortunately RFC 4408 does not make this sufficiently
clear, but it can be seen from both older versions of the spec and all
versions of Mail::SPF::Query, which has long been "the" SPF reference
implementation:
draft-mengwong-spf-00 and -01:
| 9.3 Phased Rollout
|
| At an adopting domain, adoption of SPF could occur in phases. A domain
| might move through these phases by changing its default response type
| from "neutral" to "softfail" to "fail".
|
| The phases are characterized by different levels of awareness among the
| domain's userbase, and different levels of strictness on the part of
| SPF-conformant receivers.
|
| When a sufficient majority of its users are SPF-conformant, a domain
| SHOULD change its default to "fail". [...]
draft-mengwong-spf-00 and -01, and draft-schlitt-spf-classic-00:
| [6.3 / 7.2] The Received-SPF header
|
| [...]
| Example headers generated by mybox.example.org:
| [...]
| Received-SPF: softfail (mybox.example.org: domain of
| transitioning myname@example.com does not
| designate 192.0.2.1 as permitted sender)
draft-lentczner-spf-00:
| 2.4.4 SoftFail
|
| A SoftFail result should be treated as somewhere between a Fail and a
| Neutral. This value is used by domains as an intermediate state during
| roll-out of publishing records. The domain believes the host isn't
| authorized but isn't willing to make that strong of a statement. [...]
| 4.2 Results
|
| [...]
| Results from interpreting valid records:
|
| Neutral (?): published data is explicitly inconclusive
| Pass (+): the <ip> is in the permitted set
| Fail (-): the <ip> is in the not permitted set
| SoftFail (~): the <ip> may be in the not permitted set, its use is
| discouraged and the domain owner may move it to the not
| permitted set in the future
| [...]
And check out these -- search for "transitioning":
http://www.openspf.org/svn/mail-spf-query-perl/tags/1.006/Query.pm
http://www.openspf.org/svn/mail-spf-query-perl/tags/1.997/Query.pm
http://www.openspf.org/svn/mail-spf-query-perl/tags/1.999.1/lib/Mail/SPF/Query.pm
It seems the idea of ~ being a testing tool during roll-out got lost in
the draft-schlitt-spf-classic drafts. We could restore it in a 4408bis
document.
> Using ?all or ~all as a forwarding band-aid is bad -- it destroys
> relevant information.

Agreed.
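Added example, not part of the original message and not code from Mail::SPF::Query: a small Python sketch of the phased rollout the quoted drafts describe, reporting which phase a record's default is in and which known senders are covered only by that default, and so would get "fail" once the domain moves to -all. It evaluates only ip4, ip6 and all terms; the function names, the record and the sender addresses are constructed for illustration.

```python
import ipaddress

# Qualifier -> result, as in the draft-lentczner-spf-00 section 4.2 quoted above.
RESULTS = {"?": "neutral", "+": "pass", "-": "fail", "~": "softfail"}
# Rollout order from the quoted draft-mengwong-spf section 9.3.
PHASES = ["neutral", "softfail", "fail"]

def parse(record):
    """Split a record into (qualifier, mechanism, argument) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        # A mechanism without a qualifier defaults to "+".
        qual, body = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        name, _, arg = body.partition(":")
        if name.lower() not in ("ip4", "ip6", "all"):
            raise ValueError("term needs DNS or is unsupported here: " + term)
        parsed.append((qual, name.lower(), arg))
    return parsed

def check(record, client_ip):
    """First matching mechanism wins; returns (result, mechanism name)."""
    ip = ipaddress.ip_address(client_ip)
    for qual, name, arg in parse(record):
        if name == "all" or ip in ipaddress.ip_network(arg, strict=False):
            return RESULTS[qual], name
    return "neutral", None  # nothing matched and no "all" term

def rollout_report(record, sending_ips):
    """Current phase, next phase, and senders covered only by the default."""
    default = next((RESULTS[q] for q, n, _ in parse(record) if n == "all"),
                   "neutral")
    unlisted = [ip for ip in sending_ips if check(record, ip)[1] in ("all", None)]
    step = PHASES.index(default) if default in PHASES else None
    nxt = PHASES[step + 1] if step is not None and step + 1 < len(PHASES) else None
    return {"phase": default, "next": nxt, "unlisted": unlisted}

# Constructed sample data (documentation address ranges), not from the thread.
RECORD = "v=spf1 ip4:192.0.2.0/24 ~all"
SENDERS = ["192.0.2.10", "198.51.100.7", "2001:db8::25"]

if __name__ == "__main__":
    print(rollout_report(RECORD, SENDERS))
```

An empty "unlisted" list while the record is in the softfail phase is the signal that every known sender is explicitly listed and the default can move to "fail".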