Re: [spfbis] WGLC: draft-ietf-spfbis-4408bis-14

[Scott Kitterman <spf2@kitterman.com>]

Alessandro Vesely <vesely@tana.it> wrote:

> On Sun 21/Apr/2013 00:06:00 +0200 Scott Kitterman wrote:
>> On Thursday, April 18, 2013 07:44:13 PM Alessandro Vesely wrote:
>>> On Wed 17/Apr/2013 03:51:07 +0200 Scott Kitterman wrote:
>>>> On Tuesday, April 09, 2013 02:24:32 AM Andrew Sullivan wrote:
>
>>>>> WGLC will close at 2014-04-24 00:00 UTC.
>>>>
>>>> Just as a reminder, we're ~half way through the WGLC period
>>>
>>> Oh, you mean the close date was a typo?
>> 
>> No.  April 17 is roughly half way between April 9 and April 24.
>
>Of 2013... ;-)
>
>>> 6.1. *redirect: Redirected Query*
>>>
>>> There is no statement on whether redirect= can be applied by an
>>> "include" mechanism.
>> 
>> I don't understand the question?
>
>Section 6 says:
>
> These two modifiers MUST NOT appear in a record more than once each.
>
>So it seems it is possible to specify "redirect" in one or more
>included
>records, as well as in redirected record.  Defining the redirect during
>a recursive call looks less safe and is not common.  Is it legal?

Yes. I don't think we need to be explicit about it.  It's rare and I think the existing text is sufficient. 
>
>>> 10.1.2. Administrator's Considerations
>>>
>>>  changes are common, it is better to use the less resource intensive
>>>  mechanisms like "ip4" and "ip6" over "a" or "a" or "mx".
>>>
>>> s/"a" or "mx"/"a" over "mx"/
>>>
>>>  The hostname is generally the identity used in the 5321.HELO/.EHLO
>>>  command.  In the case of messages with a null 5321.MailFrom, this
>is
>>>  used as the domain for 5321.MailFrom SPF checks, in addition to
>being
>>>  used in 5321.HELO/.EHLO based SPF checks.
>>>
>>> "hostname" is called "domain" in the previous paragraph, and the
>long
>>> slash-dot form of the names is used.  In addition to reword that, it
>>> may be worth to note that x@relay.example.com can be used as an
>>> address even if there's no corresponding MX.
>> 
>> I'm not sure what you're after here, would you please provide text so
>I can 
>> better understand?  Also, due to the implicit MX fallback to A, any
>host with 
>> an A record can receiver mail, so I don't understand why "evern if
>there's no 
>> MX" is relevant to anything.
>
>Perhaps:
>
> Domain names can refer to both individual hosts or mail domains.
> Albeit "HELO" identities happen to be individual hosts more frequently
> than "MAIL FROM", either can be used to form an email address, and
> "HELO" can be the only identity available.  A standard SPF record
> for an individual host that is involved in mail sending is:
>
>?

Generally v=spf1 a -all works. One can also specify the IP address directly with ip4/ip6.  I don't see a need to add text about this.

>>> H.4.  Policy For SPF Temperror
>>>
>>>    The "temperror" result (see Section 2.6.6) indicates the SPF
>>>    processing module at the receiver could not retrieve and SPF
>policy
>...........................................................^^^
>>>    [...]
>> 
>> How's that?
>
>WFM,  albeit lengthy. 

Agreed. If I'd had more time I'd have written something shorter. Given where we are in the process, text highly parallel to the permerror text the group's already reviewed seemed best.

Thanks for reviewing. 

Scott K