Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SPF>
  3. Devel
The case for "the right amount"â„¢ of (AKA fewer) result codes (was: new result values: none, neutral, and softfail)
lists at mehnle
Jan 30, 2004, 5:15 AM
Post #1 of 4 (2483 views)
Permalink
Meng Weng Wong [mengwong@dumbo.pobox.com] wrote:
> Hey guys, I cleared up some confusion in the return codes --- the old
> "unknown" conflated two concepts, an explicit "?" and an error state
> caused by parsing / interpretation problems. They have been
> disambiguated into "neutral" ("?") and "unknown".
>
> Functionally they are identical so this change is fully backward
> compatible with existing libraries.
>
> I also added two new return codes, "none" and "softfail" as per
> discussion earlier this week.

Do we really need so many result codes? I don't think so.

Now, we have "pass", "neutral", "softfail", "fail", "none", and "unknown".

Consider an SPF tester asking the envelope sender domain the question: "What shall I do with a message being sent from $IP_ADDRESS but stating as coming from $DOMAIN?"

The answer...
* "pass" means "pass",
* "neutral" means "I won't tell you what to do with it",
* "softfail" means "this message didn't originate from us, but please treat it mildly",
* "fail" means "fail",
* "none" means "no SPF record available",
* "unknown" means "zr54-$sd#fs" (i.e. an error occurred).

This is not only partly redundant and unnecessarily detailed, the result code names are also confusing and maybe even misleading.

"pass", "fail", and "softfail" do make perfect sense, I think.

What's the difference between "neutral" and "none"? They both mean "the result is unknown". I don't think "none" and "neutral" make much sense as answers to the question of an MTA doing an SPF test.

"unknown" really means "an error occurred".

Of course, as suggested, one can collapse this multitude of codes into a smaller set of return codes, but it isn't clearly specified *how* to do this. This is very bad!


To give some *constructive* criticism, I'll make an alternative proposal:

An SPF tester returns a result code, and an optional error code.

The result code...
* "pass" means "pass",
* "softfail" means "this message didn't originate from us, but please treat it mildly",
* "fail" means "fail",
* "unknown" means "I won't tell you what to do with it" or
"no SPF record available" or
"zr54-$sd#fs" (i.e. an error occurred).

The error code...
* "defined" means "the result code could be determined without problems from an existing SPF record",
* "undefined" means "no SPF record available",
* "temperror" means "a temporary error occurred, please retry again later if possible, otherwise reject",
* "error" means "a permanent error occurred, with little chance of not occurring again later".

That way, the answer, i.e. the supposed action of the MTA doing an SPF test with regard to the message being tested, is clearly separate from *why* that answer was given.

In almost all cases, SPF testers will (and should) not really be interested in *why* a specific answer was given, but only in *what* the answer is.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ï#ÄÏÉæGã!'Rzš´ˆ»£‡Æ~3com
RE: The case for "the right amount"â„¢ of (AKA fewer) result codes [ In reply to ]
lists at mehnle
Jan 30, 2004, 5:25 AM
Post #2 of 4 (2430 views)
Permalink
Julian Mehnle [lists@mehnle.net] wrote:
> To give some *constructive* criticism, I'll make an alternative
> proposal:
>
> An SPF tester returns a result code, and an optional error code.
>
> The result code...
> * "pass" means "pass",
> * "softfail" means "this message didn't originate from us, but please treat it mildly",
> * "fail" means "fail",
> * "unknown" means "I won't tell you what to do with it" or
> "no SPF record available" or
> "zr54-$sd#fs" (i.e. an error occurred).
>
> The error code...
> * "defined" means "the result code could be determined without problems from an existing SPF record",
> * "undefined" means "no SPF record available",
> * "temperror" means "a temporary error occurred, please retry again later if possible, otherwise reject",
> * "error" means "a permanent error occurred, with little chance of not occurring again later".

First, *if* we wanted to allow the SPF tester being told "retry later", there better should be a "retry" *result* code, to maintain the separation of result codes and error codes.

Second, I'm coming to believe that allowing something like "retry" is a bad idea. That way, domain owners or message authors (e.g. spammers) could cause the classification of a message to be postponed forever, and we certainly don't want that.

Conclusion: strike "temperror", and make the "error" error code simply mean "an error occurred".

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ï#ÄÏÉæGã!'Rzš´ˆ»£‡Æ~3com
Re: The case for "the right amount"â„¢ of (AKA fewer) result codes [ In reply to ]
wechsler at phase
Jan 30, 2004, 5:27 AM
Post #3 of 4 (2456 views)
Permalink
Julian Mehnle wrote:

> In almost all cases, SPF testers will (and should) not really be interested in *why* a specific answer was given, but only in *what* the answer is.

I would suggest then that "almost all" SPF testers/users can collapse
the response into one of the categories you suggest, but for those who
really need exact data, having the full set is useful (and has, I think,
helped me to see the point of bringing '~' back).


From another angle, consider HTTP. Result codes are grouped into
hundred-series for state, and have precise meaning for debugging purpose.

However the infinte wisdom of Microsoft has chosen to lump all errors
into a "somthing went wrong" browser-generated page that generally
obscures any useful debugging information that the server might produce.
The result is that users contacting technical support say "Something's
broken, fix it immediately" and techies, unable to process the error,
swear at Microsoft and lose sanity and hair.

Properly differentiated, single part, single word result codes are a
good thing; reasons strings appended therafter are useful but secondary.
IMHO.

> In almost all cases, SPF testers will (and should) not really be
> interested in *why* a specific answer was given, but only in *what*
> the answer is.

Personally I'd say that this is true not of SPF *testers*, but of SPF
*users*. Admins and testers need all available data.

Wechsler

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ë`Ì{5¤¨wâÇSÓ°)h
RE: The case for "the right amount"â„¢ of (AKA fewer) result codes [ In reply to ]
lists at mehnle
Jan 30, 2004, 5:40 AM
Post #4 of 4 (2453 views)
Permalink
Wechsler [wechsler@phase.org] wrote:
> I would suggest then that "almost all" SPF testers/users can collapse
> the response into one of the categories you suggest, but for those who
> really need exact data, having the full set is useful (and has, I think,
> helped me to see the point of bringing '~' back).

But this collapsing needs to be clearly defined and should not be left to site policy. The SPF standards not only needs to specify a lot of information about the SPF record, but also *what* to do with a message. Otherwise, we might see widespread arbitrarification (and thus misuse, due to ignorance) of SPF result codes.

> Properly differentiated, single part, single word result codes are a
> good thing; reasons strings appended therafter are useful but secondary.
> IMHO.

I don't agree. The set of result codes in M:S:Q 1.991 answer different questions, and that's not good.

> > In almost all cases, SPF testers will (and should) not really be
> > interested in *why* a specific answer was given, but only in *what*
> > the answer is.
>
> Personally I'd say that this is true not of SPF *testers*, but of SPF
> *users*. Admins and testers need all available data.

I never suggested making the information *not* available. I suggested giving *separate* *error* codes so as not to mix up answers to the question "what to do with the message?" with answers to the question "why?".

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@Ï#ÄÏÉæGã!'Rzš´ˆ»£‡Æ~3com

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal