Add new SPFRetriever extension which supports checking if SPF and TXT records are
equal
--------------------------------------------------------------------------------------
Key: JSPF-37
URL: http://issues.apache.org/jira/browse/JSPF-37
Project: jSPF
Issue Type: New Feature
Reporter: Norman Maurer
Assigned To: Norman Maurer
Priority: Minor
Fix For: 0.9b4
We should add an SPFRetriever subclass to check if the TXT and SPF records are the
same if a domain publishes both.
From RFC:
An SPF-compliant domain name SHOULD have SPF records of both RR types. A
compliant domain name MUST have a record of at least one type. If a domain has
records of both types, they MUST have identical content. For example, instead
of publishing just one record as in Section 3.1 (Publishing) above, it is
better to publish:
From IRC:
[13:43] <norman> what should we return if a domain publishes an SPF and one TXT
record which are not equal? PERMERROR?
[13:56] <grumpy> hi
[13:57] <norman> hi
[13:57] <grumpy> Uh, RFC4408 says you can use either one, your choice
[13:57] <norman> nope..
[13:57] <norman> it says if both are published they MUST be equal
[13:57] <grumpy> there used to be a rule that says you had to return permerror,
but we realized that DNS synchronization errors can make that impossible to
enforce
[13:58] <grumpy> yes, the publisher is supposed to make them equal
[13:58] <grumpy> the receiver, on the other hand, can freely choose either one
[13:58] <norman> so what to do to be RFC conformant? So the RFC is wrong?
[13:59] <grumpy> the publisher is violating the RFC, but the receiver can not
enforce that MUST
[13:59] <norman> so i don't need to check both ?
[13:59] <grumpy> the receiver can choose one or the other or neither
[13:59] <grumpy> no
[14:00] <grumpy> the problem is that you can't ensure that the DNS records for
type99/SPF and TXT will always be in sync
[14:00] <grumpy> one might be cached longer than the other
[14:00] <grumpy> because one might have been fetched without the other being
fetched, or whatever
[14:00] <norman> right... so the work can be dropped. Shit, I should have asked
before I started to refactor
[14:01] <grumpy> did you actually find a case where someone published an
SPF/type99 record?
[14:01] <norman> nope... but we develop jspf and want to be fully RFC
compliant before doing a 1.0 release.. so I thought we need it
[14:02] <grumpy> you don't need to check type99/SPF records if you don't want
to
[14:02] <grumpy> for right now, it is almost certainly a waste of time
[14:02] <grumpy> that may change in the future
[14:02] <norman> maybe we make it configurable
[14:02] <norman> now i know why you guys have no tests for that in the
testsuite
[14:03] <grumpy> there are some cases, microsoft environments in particular,
where it is impossible to check for type99/SPF records, so, yeah, it should be
configurable