>The only SPF faliure type that I think needs to be broken out is temperror.
Given the complexity of the rules for interpreting SPF records, it's not out of the question that a reported failure could be due to the reporter interpreting them wrong. For example, each of the included SPF records at microsoft.com ends with ~all, which isn't supposed to end the SPF check, but I wouldn't be surprised if there were some code somewhere that gets it wrong. If you're going to return a different result for tempfail, what reason is there not to return whatever result the SPF checker returned, rather than combining the other various kinds of failures? >For that type you want the DNS RCODE and query type (TXT versus SPF) and the >domain name being looked up to support trouble shooting. I think that this is >probably true for all DNS based auth methods. You're probably right, but it's starting to feel like feature creep. R's, John _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
