Re: [spfbis] Local macros strike again, was Suggestion...

[Hector Santos <hsantos@isdg.net>]

Scott Kitterman wrote:

>> Who?
>>
>> This must be completed isolated.
>>
>> I have a hard time understanding why would any system screw around
>> with a guessing game  of "SPF default record" with completely not
>> possibility for actual accuracy and yet, expect there would not be
>> problem or rather begin to use this as some basis that something is
>> broken about SPF!  I don't get it Doug. This would is already random.
>> I see no way to presume there is a default SPF record without falling
>> into trouble.
>>
>> Now, if it was fundamentally the case that Senders *always* used an
>> machine among the Receiveer network of MX host IP addresses, then I
>> can see some default rules.  Sure.  But that is not reality. There is
>> no requirement that a Sender machine must be part of any RECEIVER (MX)
>> network.  This applies closer to smaller systems but not with larger
>> network systems and not even with smaller systems.
>>
>> I just don't see why you think this has any value.
> 
> The SPF "Best Guess" approach was supported early in SPF development 
> (2003/2004) as a method to help bootstrap the protocol.  At the time, it was 
> clearly described as something that was only even potentially useful for 
> making positive assertions.  If someone based SPF rejections on a Best Guess 
> record they were very mistaken.  I don't doubt this happened, but I don't 
> think it's fundamentally an issue with the SPF protocol.  

Well, I recall something about, but since it only made sense to me 
from a LOCAL POLICY and accumulated KNOWN of domain information, not 
applied to anonymous system, we must of been on different wave lengths.

There is no logic when its applied to anonymous senders and the only 
conceivable rule is one based on an integrated multi-behavior MTA 
sender/receiver "All-In-One" machine/network. In other words, 
something like our own system that is a single MTA with multiple 
rules, receiver/router/sender.   Its a MSA when the user authenticates 
and mail is received, its a MDA when the user DOES NOT authenticate 
for local mail only reception and a thread does the routing for remote 
mail feeding it to the sender thread(s).   So such a rule would apply 
to us, but I assume it to be the case for other systems.

I agree, if such a MX/24 best guess rule is applied, it can only be 
used, at best, for passing. But if one tries to work a fail or soft 
results, IMO, that is completely wrong to do since there is simply no 
requirement for the sender/receiver to be associated via MX.  MX is 
for receiving only. Its not about sending. I recall the IETF-SMTP 
crowd a while back making a strong point of this to me when I was 
winging an ideal of using MX names formatted with sender IP 
address/mask information - a way to get information about the senders 
using an existing set of information most likely to exist for correct 
SMTP setups. I only thought about it because our own system is 
all-in-one multi-threaded receiver/sender/router.  So for 99% of our 
SMTP customers, the sender IP is the going to be among the MX IPs they 
have setup.

> The most that 4408bis might want to deal with the practice is to explicitly 
> tell people not to make up SPF records for senders.

+1, good idea because it doesn't make sense for anonymous senders. 
However, I do see value when you known the sender but they don't have 
an SPF record and you know for sure they have a fixed DOMAIN::IP 
association as I pointed out to Doug with DIP rules.  Just a method to 
white list known senders with known domain/ip associations.  I don't 
know if that should mentioned or not. But its not SPF, IMO.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com