Mailing List Archive

After addition of softfail, and the extra type of unknown, and the
addition of none.

The result of evaluating a SPF record associated with a domain are:

none - the original SPF record does not exist. (subsequent missing SPF
records are 'error')

temperror - some type of temporary failure

error - a permanent error -- such as missing SPF record, parse error,
bad mechanism, record loop

unknown - explicit unknown

softfail - explicit softfail

fail - explicit fail

pass - explicit pass

Note that these may be collapsed onto a smaller set of returns back to
the user of the library/module. Extra information about the result may
also be returned.

Principles:

Any mechanism or modifier that gets error, returns "error".
Any mechanism or modifier that gets temperror, returns "temperror"

Unrecognized modifiers are ignored

The pass/fail/unknown/softfail statuses are generated as the result of a
mechanism evaluation (only). If the mechanism matches, then the result
is determined by the prefix character.

The include mechanism matches only if the included record returns
"pass". [Note that the error & temperror rule still applies]

An SPF record in which no mechanism matches, and no redirect is present,
returns "unknown"

Use by MTA:

On temperror, return 4xx
On fail, return 5xx
on Pass, return 2xx

All other returns: unknown, softfail, error, none
are local policy.

Initially, you are advised to return 2xx for each of these.
If you want to reject more, then return 5xx for softfail

In all cases, the status can be used by downstream content filters.

Philip



-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h