Re: [spfbis] New issue: 8.4. Fail: rejection is not described explicitly

Alessandro Vesely <vesely@tana.it> Mon, 22 April 2013 08:34 UTC

On Sun 21/Apr/2013 16:53:49 +0200 Murray S. Kucherawy wrote:
> On Sun, Apr 21, 2013 at 3:26 AM, Alessandro Vesely <vesely@tana.it> wrote:
> 
>>> We should absolutely not discuss DMARC or other layers here.
>>
>> That's what I want to clarify.  SPF does not separate algorithm from
>> policy in the same way that DKIM is separated from ADSP.  How can DMARC
>> specify an interface to the SPF layer if SPF does not provide for one?
>
> RFC5451 is a perfectly good interface.  It works fine for OpenDMARC, for
> example.

Hm... RFC 5451 has phrases like 'if, for example, [SPF] returned as
"pass" result'.  It is not clear whether that refers to the result of
the check_host() function rather than, considering Section 4.2 "Local
Policy Enforcement", the combined result of check_host() and local
policy up to that point in the processing.

As a further example, Section 7.3 of RFC 5518 is formally ambiguous
too, because SPF could produce a "pass" result by validating the
"HELO" identity, and then VBR would be checked against a possibly
spoofed <reverse-path>.

Notwithstanding the loads of gratuitous advice we write, it seems
we're still missing crispy definitions of SPF results :-(
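
Added example, not part of the original message: RFC 5451 lets the verifier record which identity an SPF result refers to (smtp.helo or smtp.mailfrom), so a downstream consumer can refuse to treat a HELO-only "pass" as validation of the reverse-path. The header values and function names below are constructed for illustration, and the header is assumed to have been added by the receiver's own border MTA.

```python
import re

# Constructed Authentication-Results values in RFC 5451 syntax (not from the thread).
HELO_ONLY = "mx.example.net; spf=pass (helo ok) smtp.helo=mta.sender.example"
MAILFROM = "mx.example.net; spf=pass smtp.mailfrom=bounce@sender.example"
MIXED = ("mx.example.net; spf=pass smtp.helo=mta.other.example; "
         "spf=none smtp.mailfrom=user@sender.example")


def spf_results(header_value):
    """Return [(result, identity, value)] for every spf entry in the header."""
    text = re.sub(r"\([^()]*\)", " ", header_value)   # drop (comments)
    found = []
    for resinfo in text.split(";")[1:]:               # [0] is the authserv-id
        m = re.match(r"\s*spf\s*=\s*(\w+)", resinfo, re.I)
        if not m:
            continue
        for identity, value in re.findall(
                r"\bsmtp\.(helo|mailfrom)\s*=\s*(\S+)", resinfo, re.I):
            found.append((m.group(1).lower(), identity.lower(), value.lower()))
    return found


def reverse_path_passed(header_value, reverse_path_domain):
    """True only if spf=pass was reported for the MAIL FROM identity and that
    identity's domain is the one the caller is about to rely on."""
    wanted = reverse_path_domain.lower().rstrip(".")
    for result, identity, value in spf_results(header_value):
        # smtp.mailfrom may carry a full address or a bare domain.
        domain = value.rsplit("@", 1)[-1].rstrip(".")
        if result == "pass" and identity == "mailfrom" and domain == wanted:
            return True
    return False


if __name__ == "__main__":
    for name, hdr in (("HELO_ONLY", HELO_ONLY), ("MAILFROM", MAILFROM),
                      ("MIXED", MIXED)):
        print(name, spf_results(hdr), reverse_path_passed(hdr, "sender.example"))
```

An spf entry that records no identity at all yields no tuple, so it is treated as not validating the reverse-path.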