[ietf-smtp] RFC 8601, clarification needed

David Bürgin <dbuergin@gluet.ch> Sun, 23 May 2021 10:26 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/CaIjba2H81UxNPun_yHnK1oSbPI>

Section 4 of RFC 8601 contains the following paragraph:

    Most known message authentication methods focus on a particular
    identifier to evaluate.  SPF differs in that it can yield a result
    based on more than one identifier; specifically, SPF can evaluate the
    RFC5321.HELO parameter or the RFC5321.MailFrom parameter.  When
    generating this field to report those results, only the parameter
    that yielded the result is included.

The final sentence is unclear to me. Suppose I’m running an SPF
component that evaluates *both* RFC5321.HELO and RFC5321.MailFrom, as
recommended by RFC 7208. I would like to record the results for both
parameters in either of the following (equivalent) forms:

1)

Authentication-Results: mail.example.org; spf=pass smtp.mailfrom=example.com
Authentication-Results: mail.example.org; spf=pass smtp.helo=mail.example.com

2)

Authentication-Results: mail.example.org;
  spf=pass smtp.helo=mail.example.com;
  spf=pass smtp.mailfrom=example.com

A subsequent component could then use these results as input to some
spam score, for example.

Are the above forms allowed? If not, why not? What requirement does the
sentence ‘When generating this field to report those results, only the
parameter that yielded the result is included.’ refer to?

Thank you!


-- 
David
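
An added example, not part of the original post and not code from RFC 8601: a simplified consumer that reads both forms shown in the message and yields the same per-identifier SPF results, which is what a downstream scoring component would receive. The function names, the constructed sample messages and the reduced grammar (no quoted strings, no nested comments) are assumptions, and the code does not settle whether RFC 8601 permits either form.

```python
import re
from email import message_from_string

# Constructed sample messages carrying the two forms from the post above.
FORM_1 = (
    "Authentication-Results: mail.example.org; spf=pass smtp.mailfrom=example.com\n"
    "Authentication-Results: mail.example.org; spf=pass smtp.helo=mail.example.com\n\n"
)
FORM_2 = (
    "Authentication-Results: mail.example.org;\n"
    "  spf=pass smtp.helo=mail.example.com;\n"
    "  spf=pass smtp.mailfrom=example.com\n\n"
)

RESINFO = re.compile(r"^([A-Za-z0-9-]+)\s*=\s*([A-Za-z]+)(.*)$", re.S)
PROP = re.compile(r"([A-Za-z0-9-]+)\.([A-Za-z0-9-]+)\s*=\s*(\S+)")


def parse_authres(raw_message, trusted_authserv_id):
    """Return {(method, result, 'ptype.property', value)} from trusted fields."""
    results = set()
    msg = message_from_string(raw_message)
    for field in msg.get_all("Authentication-Results", []):
        body = re.sub(r"\([^()]*\)", " ", field)  # drop non-nested comments
        parts = [p.strip() for p in body.split(";")]
        authserv_id = parts[0].split()[0] if parts[0] else ""
        # Use only fields stamped by our own ADMD; others may be forged.
        if authserv_id.lower() != trusted_authserv_id.lower():
            continue
        for part in parts[1:]:
            m = RESINFO.match(part)
            if not m:  # e.g. the bare "none" no-result token
                continue
            method, result, props = m.groups()
            for ptype, prop, value in PROP.findall(props):
                results.add((method.lower(), result.lower(),
                             f"{ptype}.{prop}".lower(), value))
    return results


def spf_by_identity(raw_message, trusted_authserv_id):
    """Map each SPF-checked identity to (result, value) for a later scorer."""
    return {ident: (result, value)
            for method, result, ident, value
            in parse_authres(raw_message, trusted_authserv_id)
            if method == "spf"}


if __name__ == "__main__":
    for form in (FORM_1, FORM_2):
        print(sorted(spf_by_identity(form, "mail.example.org").items()))
```

Keying the output on the `ptype.property` pair is what keeps the HELO and MAIL FROM results distinct; a consumer that keyed on the method name alone would silently keep only one of the two `spf` entries.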