
Mailing List Archive: SPF: Devel

Another Permerror heuristic

 

 



stuart at bmsi

Mar 19, 2008, 11:32 AM

Post #1 of 3
Another Permerror heuristic

When Pyspf gets a PermError, it still attempts to get a "best guess" result
by heuristically examining the SPF record. I just realized another simple
addition to its bag of heuristics. When the error is "two or more SPF
records" (or TXT records), simply evaluate both, and if the results agree,
that is the best guess - a pretty confident guess at that. I would only
apply this for 2 records, since that would arise in practice when naively
updating SPF records.

In fact, this would be another tweak for SPFv3: only report PermError for
exactly 2 SPF records (v3 should not use TXT) when the results disagree.
If both records get the same result, that is an official result.

--
Stuart D. Gathman <stuart [at] bmsi>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1007/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com
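The two-record heuristic proposed in the post above, as an added example that is not pyspf's code or part of the original thread. The evaluator is a deliberately simplified assumption (only `ip4:`, `ip6:` and `all`, no DNS lookups), the function names are hypothetical, and the sample records are constructed.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample: the old record was left in place when a new one was added.
OLD = "v=spf1 ip4:192.0.2.0/24 -all"
NEW = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 -all"

def evaluate(record, client_ip):
    """Simplified evaluator (assumption): only ip4:, ip6: and all, no DNS."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "permerror"  # mechanism outside this sketch
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"  # malformed network
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def check(txt_records, client_ip):
    """Return (official_result, best_guess) for a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "none", None
    if len(spf) == 1:
        result = evaluate(spf[0], client_ip)
        return result, result
    guess = None
    if len(spf) == 2:  # the heuristic applies to exactly two records
        first, second = (evaluate(r, client_ip) for r in spf)
        if first == second and first != "permerror":
            guess = first  # both records agree: confident best guess
    return "permerror", guess  # official result is unchanged

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, check([OLD, NEW], ip))
```

The second address is the case where the records disagree (only the newer record authorizes it), so no best guess is produced and the PermError stands alone.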


nobody at xyzzy

Mar 20, 2008, 6:18 AM

Post #2 of 3
Re: Another Permerror heuristic

Stuart D. Gathman wrote:

> In fact, this would be another tweak for SPFv3: only report
> PermError for exactly 2 SPF records (v3 should not use TXT)
> when the results disagree. If both records get the same
> result, that is an official result.

As a heuristic it is an idea. Generally I'd consider it as rude
and net abuse when senders burden receivers with unnecessary
DNS queries. Receivers rejecting PermError should be free to
consider such scenarios as broken.

For spf2.0/mfrom and variations it is arguably acceptable when
there is a "similar" v=spf1 with a hopefully identical result.
In this case a faster heuristic is to follow RFC 4408, and to
ignore the "spf2.0/mfrom" instead of wasting time with "mfrom"
evaluations.

The spf-eai draft proposes to deprecate any "spf2.0/mfrom" in
favour of v=spf1. For "mfrom" read "mfrom,pra", "pra,mfrom",
or "mfrom", and hopefully at most one of these combos. RFC 4406
is just messy.

Frank



stuart at bmsi

Mar 20, 2008, 1:27 PM

Post #3 of 3
Re: Re: Another Permerror heuristic

On Thu, 20 Mar 2008, Frank Ellermann wrote:

> Stuart D. Gathman wrote:
>
> > In fact, this would be another tweak for SPFv3: only report
> > PermError for exactly 2 SPF records (v3 should not use TXT)
> > when the results disagree. If both records get the same
> > result, that is an official result.
>
> As a heuristic it is an idea. Generally I'd consider it as rude
> and net abuse when senders burden receivers with unnecessary
> DNS queries. Receivers rejecting PermError should be free to
> consider such scenarios as broken.

Point taken. So forget the idea for spfv3. The goal for
my mail system is to get a semi-official pass so that I can blacklist
domains with a clear conscience. (And have whitelisting work reliably
even when the sender has screwed up their DNS.)

--
Stuart D. Gathman <stuart [at] bmsi>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

