I'd like to summarise the discussion (at the point that I left) with
regard to pass/fail/error/unknown statuses.
Principles:
If the initial domain of the sender does not have an SPF record (and
there is no local policy override), then the result is "unknown".
Any syntax error, missing record, unrecognized mechanism etc, dns
failure, is "error"
Any mechanism or modifier that finds an error, returns "error".
Unrecognized modifiers are ignored
The pass/fail/unknown statuses are generated as the result of a
mechanism evaluation. If the mechanism matches, then the result is
determined by the prefix character.
The include mechanism matches only if the included record returns
"pass". [Note that the error rule still applies]
* Note that softfail (if brought back) can be merged in easily in this
scheme.
* There is no distinction between permanent errors and temporary DNS
errors. I don't think that this is a serious problem
Was this refined further last night?
The biggest change that I see right now from the way that things
currently work, is that unknown mechanisms would return error rather
than unknown. I prefer this as it makes all errors behave in the same way.
Philip
--
Philip Gladstone
* Check out the live pondcam at http://pond.gladstonefamily.net
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h
regard to pass/fail/error/unknown statuses.
Principles:
If the initial domain of the sender does not have an SPF record (and
there is no local policy override), then the result is "unknown".
Any syntax error, missing record, unrecognized mechanism etc, dns
failure, is "error"
Any mechanism or modifier that finds an error, returns "error".
Unrecognized modifiers are ignored
The pass/fail/unknown statuses are generated as the result of a
mechanism evaluation. If the mechanism matches, then the result is
determined by the prefix character.
The include mechanism matches only if the included record returns
"pass". [Note that the error rule still applies]
* Note that softfail (if brought back) can be merged in easily in this
scheme.
* There is no distinction between permanent errors and temporary DNS
errors. I don't think that this is a serious problem
Was this refined further last night?
The biggest change that I see right now from the way that things
currently work, is that unknown mechanisms would return error rather
than unknown. I prefer this as it makes all errors behave in the same way.
Philip
--
Philip Gladstone
* Check out the live pondcam at http://pond.gladstonefamily.net
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h