On Wednesday, October 05, 2011 03:51:35 PM John Levine wrote: > >The only SPF faliure type that I think needs to be broken out is > >temperror. > Given the complexity of the rules for interpreting SPF records, it's not > out of the question that a reported failure could be due to the reporter > interpreting them wrong. For example, each of the included SPF records > at microsoft.com ends with ~all, which isn't supposed to end the SPF > check, but I wouldn't be surprised if there were some code somewhere that > gets it wrong. > > If you're going to return a different result for tempfail, what reason > is there not to return whatever result the SPF checker returned, rather > than combining the other various kinds of failures?
I think temperror for all the relevant auth methods refers to some kind of DNS error, so it's different. Other than that, I think the SPF results all need the same information (result and record(s)), so I don't think they need to be broken out. > >For that type you want the DNS RCODE and query type (TXT versus SPF) and > >the domain name being looked up to support trouble shooting. I think > >that this is probably true for all DNS based auth methods. > > You're probably right, but it's starting to feel like feature creep. Agreed. It would be nice, but it's not essential. If we don't provide DNS information for temperror, then there's no need to break out the different types of SPF failures the information you want is the same, the record (and what domain it was from). I think it would be generally useful, but it is added complexity. I'm not sure if it's worth it. Which brings up another point: spf-dns = "SPF-DNS:" [CFWS] quoted-string [CFWS] CRLF should probably be: spf-dns = "SPF-DNS:" [CFWS] domain ":" [CFWS] quoted-string [CFWS] CRLF so in the case of multiple records being returned it's clear where they came from. Scott K _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
