Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SPF>
  3. Devel
Re: [spf-discuss] Frozen, or just a bit slushy?
wayne at midwestcs
Jan 28, 2004, 6:15 AM
Post #1 of 6 (2664 views)
Permalink
[.note: implementation issues such this should probably be discussed
on the spf-devel list]

In <4017AF65.4090601@phase.org> Wechsler <wechsler@phase.org> writes:

> Last time I ran it (on an older test.txt) it looked like:
> http://www.infinitepenguins.net/SPF/bulktest.html
>
> There are three "discrepancies" with the official results, but no-one
> could explain the reasons for the official results when I last raised
> them.

Test 6 doesn't match because the "default=" modifier is supported in
the perl and C code for backwards compatibility. I could see this
being an "error" for your purposes, although I could also see a
"warning".

Test 75 doesn't match because recursion being too deep should be an
error, not an unknown.

Test 94 should pass, I'm not sure why exactly your implementation
isn't. According to the spf1 spec, you are supposed to use
"postmaster" if no local part is found. The comment in test.txt is
wrong when it says mailer-daemon.


> When I try and run it on the test.txt from M:S:Q 1.99 it copes with
> pretty much everything it can parse.

Yeah, the C code also doesn't pass these later tests, but it is being
worked on.



-wayne

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h
Re: Re: [spf-discuss] Frozen, or just a bit slushy? [ In reply to ]
terry at wayforward
Jan 28, 2004, 8:05 AM
Post #2 of 6 (2627 views)
Permalink
> Test 75 doesn't match because recursion being too deep should be an
> error, not an unknown.
>
>
My take on this is that recursion depth > 20 should result in an
UNKNOWN. The spec says so, and it makes sense that mail shouldn't be
rejected because of an incorrect mechanism.

If you do a 'include:somewhere.com' means that the SPF processing is
out of your control... if 'somewhere.com' messes up, then ALL your mail
will be rejected, and that doesn't sound right.

So, the Perl and Python implementations are WRONG, the tests in M:S:Q
are WRONG.

Cheers!

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h
Re: Re: [spf-discuss] Frozen, or just a bit slushy? [ In reply to ]
jcouzens at obscurity
Jan 28, 2004, 8:15 AM
Post #3 of 6 (2622 views)
Permalink
> My take on this is that recursion depth > 20 should result in an
> UNKNOWN. The spec says so, and it makes sense that mail shouldn't be
> rejected because of an incorrect mechanism.
>
> If you do a 'include:somewhere.com' means that the SPF processing is
> out of your control... if 'somewhere.com' messes up, then ALL your mail
> will be rejected, and that doesn't sound right.

Uhmm.... I beg to differ. If you choose to "include" somewhere else,
its upon your head that you do so. One should not include records that
are not in their control. And if one were to include records from
another domain, one would hope that it would be reputable enough to know
what it is doing. That being said, the current implementation is
perfectly sound. I would treat "including" offsite records as, "Do so
at your own risk".

The underlying goal behind include is to help shorten rules, yes you
could include anyones record, but again, at your own risk IMO.

> So, the Perl and Python implementations are WRONG, the tests in M:S:Q
> are WRONG.

Whatever you say boss.

Cheers,

James
--
James Couzens,
Programmer

Current projects:
http://libspf.org

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ï#ÄÏÉæGã!'Rzš´ˆ»£‡Æ~3com

Attached Files:

Re: Re: [spf-discuss] Frozen, or just a bit slushy? [ In reply to ]
wechsler at phase
Jan 28, 2004, 8:29 AM
Post #4 of 6 (2628 views)
Permalink
James Couzens wrote:

>>My take on this is that recursion depth > 20 should result in an
>>UNKNOWN. The spec says so, and it makes sense that mail shouldn't be
>>rejected because of an incorrect mechanism.
>>
>>If you do a 'include:somewhere.com' means that the SPF processing is
>>out of your control... if 'somewhere.com' messes up, then ALL your mail
>>will be rejected, and that doesn't sound right.
>
>
> Uhmm.... I beg to differ. If you choose to "include" somewhere else,
> its upon your head that you do so. One should not include records that
> are not in their control. And if one were to include records from
> another domain, one would hope that it would be reputable enough to know
> what it is doing. That being said, the current implementation is
> perfectly sound. I would treat "including" offsite records as, "Do so
> at your own risk".

Well I'm going to back... erm, Terence Way apparently (please don't
remove attributions when quoting!)

If your own record becomes unavailable, your mail all gets "unknown".
There is no reason that the unavailability of a third party's record
should have any worse consequences than that.

"include" is designed to allow safe inclusion of "my ISP". It must
therefore be explicitly fail-safe for third-party usage. I do not expect
a DDOS on some third- or fourth- party DNS server to affect my email.


AS it happens, the test in question fails not because of genuine
recursion error, but because it has the string "include" with no
parameters, which as far as I'm concerned is an undefined behaviour.

The fact that my parser tries to include the parent record and Meng's
just skips it is just a difference of approach.

Wechsler

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h
Re: Re: [spf-discuss] Frozen, or just a bit slushy? [ In reply to ]
mengwong at dumbo
Jan 28, 2004, 9:13 AM
Post #5 of 6 (2606 views)
Permalink
On Wed, Jan 28, 2004 at 10:05:05AM -0500, Terence Way wrote:
| My take on this is that recursion depth > 20 should result in an
| UNKNOWN. The spec says so, and it makes sense that mail shouldn't be
| rejected because of an incorrect mechanism.

I think this confusion will be resolved once we add Philip Gladstone's
new error states.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h
Re: Re: [spf-discuss] Frozen, or just a bit slushy? [ In reply to ]
terry at wayforward
Jan 28, 2004, 9:18 AM
Post #6 of 6 (2600 views)
Permalink
> AS it happens, the test in question fails not because of genuine
> recursion error, but because it has the string "include" with no
> parameters, which as far as I'm concerned is an undefined behaviour.
>

This reminds me of my favorite quote:
"Let's not cloud the issue with facts"

Okay, good point: 'include' as a mechanism by itself is a good test of how
an implementation parses mechanisms: most mechanisms have *optional*
arguments, like 'a' vs 'a:dingus.com'

But surely this isn't 'undefined' behaviour: unknown or unparsable
mechanisms should result in an UNKNOWN.

Cheers!

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ï#ÄÏÉæGHÝÜîU;±¤Þ¬bÆß®2x.com

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal