[ http://issues.apache.org/jira/browse/JSPF-37?page=all ]
Norman Maurer resolved JSPF-37.
-------------------------------
Resolution: Fixed
> Add new SPFRetriever extension which supports checking if SPF and TXT records
> are equal
> --------------------------------------------------------------------------------------
>
> Key: JSPF-37
> URL: http://issues.apache.org/jira/browse/JSPF-37
> Project: jSPF
> Issue Type: New Feature
> Reporter: Norman Maurer
> Assigned To: Norman Maurer
> Priority: Minor
> Fix For: 0.9b4
>
>
> We should add an SPFRetriever subclass to check if the TXT and SPF records are
> the same if a domain publishes both.
> From RFC:
> An SPF-compliant domain name SHOULD have SPF records of both RR types. A
> compliant domain name MUST have a record of at least one type. If a domain
> has records of both types, they MUST have identical content. For example,
> instead of publishing just one record as in Section 3.1 (Publishing) above,
> it is better to publish:
> From IRC:
> [13:43] <norman> what should we return if a domain publishes an SPF and one TXT
> record which are not equal? PERMERROR?
> [13:56] <grumpy> hi
> [13:57] <norman> hi
> [13:57] <grumpy> Uh, RFC4408 says you can use either one, your choice
> [13:57] <norman> nope..
> [13:57] <norman> it says if both are published they MUST be equal
> [13:57] <grumpy> there used to be a rule that says you had to return
> permerror, but we realized that DNS synchronization errors can make that
> impossible to enforce
> [13:58] <grumpy> yes, the publisher is supposed to make them equal
> [13:58] <grumpy> the receiver, on the other hand, can freely choose either
> one
> [13:58] <norman> so what to do to be RFC conformant? So the RFC is wrong?
> [13:59] <grumpy> the publisher is violating the RFC, but the receiver can not
> enforce that MUST
> [13:59] <norman> so I don't need to check both?
> [13:59] <grumpy> the receiver can choose one or the other or neither
> [13:59] <grumpy> no
> [14:00] <grumpy> the problem is that you can't ensure that the DNS records
> for type99/SPF and TXT will always be in sync
> [14:00] <grumpy> one might be cached longer than the other
> [14:00] <grumpy> because one might have been fetched without the other being
> fetched, or whatever
> [14:00] <norman> right... so the work can be dropped. Shit, I should have asked
> before I started to refactor
> [14:01] <grumpy> did you actually find a case where someone published an
> SPF/type99 record?
> [14:01] <norman> nope... but we develop jspf and want to be fully RFC
> compliant before doing a 1.0 release... so I thought we need it
> [14:02] <grumpy> you don't need to check type99/SPF records if you don't want
> to
> [14:02] <grumpy> for right now, it is almost certainly a waste of time
> [14:02] <grumpy> that may change in the future
> [14:02] <norman> maybe we make it configurable
> [14:02] <norman> now i know why you guys have no tests for that in the
> testsuite
> [14:03] <grumpy> there are some cases, Microsoft environments in particular,
> where it is impossible to check for type99/SPF records, so, yeah, it should
> be configurable
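
The configurable receiver behaviour discussed in the IRC log above, as an added Java example that is not part of the original message and not jSPF code. The class, enum and method names are hypothetical, the record strings are constructed, and the "more than one v=spf1 record is a PermError" step follows RFC 4408 section 4.5 rather than anything stated in the issue.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; all names here are hypothetical, not jSPF API.
public class SpfRecordSelector {
    public enum Mode { TXT_ONLY, PREFER_SPF_TYPE, REQUIRE_EQUAL }

    public static class PermErrorException extends Exception {
        public PermErrorException(String msg) { super(msg); }
    }

    // Keep only records whose version section is exactly "v=spf1".
    static List<String> spf1Only(List<String> records) {
        List<String> out = new ArrayList<>();
        for (String r : records) {
            String s = r.trim();
            if (s.equalsIgnoreCase("v=spf1") || s.regionMatches(true, 0, "v=spf1 ", 0, 7)) {
                out.add(s);
            }
        }
        return out;
    }

    // Returns the record to evaluate, or null if the domain publishes none.
    public static String select(List<String> txt, List<String> spf, Mode mode)
            throws PermErrorException {
        List<String> t = spf1Only(txt);
        List<String> s = (mode == Mode.TXT_ONLY) ? new ArrayList<>() : spf1Only(spf);
        if (mode == Mode.REQUIRE_EQUAL && !t.isEmpty() && !s.isEmpty() && !t.equals(s)) {
            // Strict mode: can misfire when one RR type is cached longer than the other.
            throw new PermErrorException("SPF and TXT records differ");
        }
        List<String> chosen = s.isEmpty() ? t : s;  // type 99 wins when it was queried and found
        if (chosen.size() > 1) {
            throw new PermErrorException("multiple v=spf1 records");
        }
        return chosen.isEmpty() ? null : chosen.get(0);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the two RR types are out of sync after a DNS update.
        List<String> txt = List.of("v=spf1 mx -all");
        List<String> spf = List.of("v=spf1 mx a:mail.example.com -all");
        System.out.println(select(txt, spf, Mode.TXT_ONLY));
        System.out.println(select(txt, spf, Mode.PREFER_SPF_TYPE));
        try { select(txt, spf, Mode.REQUIRE_EQUAL); }
        catch (PermErrorException e) { System.out.println("PermError: " + e.getMessage()); }
    }
}
```

With the constructed records, the first two modes each return a usable policy while the strict mode rejects the domain, which is the interoperability cost raised in the log.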