On Thursday, January 22, 2015 22:04:59 Franck Martin wrote:
> ----- Original Message -----
>
> > From: "Scott Kitterman" <[email protected]>
> > To: [email protected]
> > Sent: Thursday, January 22, 2015 7:16:58 PM
> > Subject: Re: [dmarc-ietf] questions on the spec, was ... and two more tiny
> > nits, while I'm at it
> >
> > On Friday, January 23, 2015 03:03:28 John Levine wrote:
> > > >RFC 7208 doesn't say the HELO result determines anything. It says IF (I
> > > >say
> > > >
> > > >Avoiding a check that has been determined to be pointless is the only
> > > >change in this area in RFC 7208.
> > >
> > > Indeed, and that turns out to be a lot more incompatible than was
> > > appreciated at the time.
> >
> > I'm up to accepting that there's some ambiguity in the language, but I
> > don't see any actual incompatibility assuming the ambiguity is resolved
> > appropriately.
> >
> > If one changes "definitive policy result" to "definitive local policy
> > result" or "definitive receiver policy result" then I think there's no
> > ambiguity.
> >
> > I'm still a bit boggled that anyone is confused about this, but obviously
> > they are.
>
> To try to explain the confusion...
>
> Well, DKIM is easy, DKIM is valid or is not (I'm excluding temp failures due
> to DNS etc..). The DKIM spec tells what the dkim result MUST be, and then
> the receiver does whatever with this result.
>
> With SPF, the spf=pass/fail result (as shown in the authentication-result
> header) is not depending on the sender policy as expressed in the SPF
> record, but at whatever the receiver policy is...

No. An SPF result is deterministic. It's a combination of domain,
identity, and result. This is always true and always consistent. The
variation is in what the receiver decides to do. This is exactly the same as
DKIM.

I think the confusion is that people think SPF does more because of the name
and because at one time (pre-RFC) it did. In hindsight, we'd have been much
better off to keep the original name: Sender Permitted From.

> Usually, a SPEC will tell the receiver what it SHOULD do to define the spf=
> status, but instead it seems RFC7208 says put whatever result you feel
> like... Therefore different implementations will produce different results.
>
> I could have an implementation that checks HELO only and check MAILFROM and
> ignore the last result to put in the SPF result and that would be in
> accordance to RFC7208. I could have an implementation that checks HELO and
> MAILFROM, where a helo pass is better than a MAILFROM fail or softfail, to
> put SPF=pass as result and that would be still in accordance with RFC7208.
>
> or I'm mistaken?

I think your mistake is to insist that there be one and only one defined way
to deal with SPF results from both HELO and Mail From and there isn't. Since
RFC 7208 doesn't attempt (except in one special case) to dictate to receivers,
it's not at all surprising that you fail to find direction on what to do as a
receiver.

Scott K
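
The distinction argued in the message above, as an added example that is not part of the original thread: each SPF check yields a fixed (identity, domain, result) triple, and only the receiver's local decision differs. The header is constructed, and `receiver_a` and `receiver_b` are hypothetical policies, the second modelled on the "HELO pass is better than a MAILFROM fail or softfail" case from the quoted text.

```python
import re
from typing import NamedTuple

class SpfResult(NamedTuple):
    identity: str  # "helo" or "mailfrom"
    domain: str    # domain that was checked
    result: str    # pass, fail, softfail, neutral, none, temperror, permerror

# Constructed sample header (not from the thread): one SPF result per identity.
SAMPLE = ("Authentication-Results: mx.receiver.example; "
          "spf=pass smtp.helo=mail.sender.example; "
          "spf=softfail (constructed) smtp.mailfrom=bounce@sender.example")

# Handles the simple form only: result, optional single comment, one property.
_SPF = re.compile(r"spf=(\w+)\s*(?:\([^)]*\)\s*)?smtp\.(helo|mailfrom)=([^\s;]+)", re.I)

def parse_spf(header):
    """Return every (identity, domain, result) triple recorded in the header."""
    return [SpfResult(ident.lower(), value.rsplit("@", 1)[-1].lower(), res.lower())
            for res, ident, value in _SPF.findall(header)]

def receiver_a(results):
    """Hypothetical receiver: acts on the MAIL FROM result only."""
    by_identity = {r.identity: r.result for r in results}
    return by_identity.get("mailfrom", "none")

def receiver_b(results):
    """Hypothetical receiver: a HELO pass outranks a MAIL FROM fail or softfail."""
    by_identity = {r.identity: r.result for r in results}
    if by_identity.get("helo") == "pass":
        return "pass"
    return by_identity.get("mailfrom", "none")

def compare(header):
    """Same SPF results in, one local decision per receiver policy out."""
    results = parse_spf(header)
    return {"results": results, "receiver_a": receiver_a(results),
            "receiver_b": receiver_b(results)}

if __name__ == "__main__":
    outcome = compare(SAMPLE)
    for r in outcome["results"]:
        print(f"{r.identity}: {r.domain} -> {r.result}")
    print("receiver A:", outcome["receiver_a"])
    print("receiver B:", outcome["receiver_b"])
```

Both receivers read identical triples from the header; only the value they act on differs, which is why a log or downstream consumer needs the identity alongside the result.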
