Internet Draft
Category: Experimental                                   Mark Lentczner
draft-ietf-marid-spf-2-best-00.txt            Meng Weng Wong, pobox.com
Expires: September 2004                                       July 2004

			   SPF Best Practices

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time.  It is inappropriate to use Internet-
   Drafts as reference material or to cite them other than as
   "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire in September 2004.


Abstract

   This document is part of the Unified SPF series.
   It offers guidelines to SMTP receivers regarding the choice of
   which SPF tests to perform.
   


Table of Contents

   TOC GOES HERE


1. Introduction

   SPF queries against the identities discussed in the other proposals
   [HELO], [mail-from], [pra], and [ptr] have been shown to be useful.
   [SPF Unified] recommends an algorithm to reconcile results when
   more than one identity is tested by SPF.

   This document recommends that SMTP receivers always perform
   SPF tests against certain identities according to their relative
   importance.

1.1 Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in
   this document are to be interpreted as described in [RFC2119].

   This document uses other terminology defined in the [SPF protocol]
   and [SPF Unified] documents.
   
2. Applicability Statement

   Receivers MAY test one or more of the four identities described.

   Receivers:-
   
     -    MAY test the PTR identity
     - SHOULD test the HELO identity
     - SHOULD test the MAIL-FROM identity
     -   MUST test the PRA identity if a SUBMITTER has been provided
                                    before the DATA command.
     
   If the MAIL-FROM identity is the empty address "<>", receivers
   MUST test the HELO identity.

   If both the HELO and the MAIL-FROM identities return a zero result,
   receivers SHOULD test the PTR identity.
    
   If a receiver supports the SUBMITTER parameter, and if a
   SUBMITTER parameter is provided by the client, it MUST test
   the SUBMITTER identity.





Normative References

  [RFC2396]

Informative References

  [RFC1034]
  [RFC1464]
  [RFC2119]
  [RFC2142]
  [RFC2234]
  [RFC2373]
  [RFC2505]
  [RFC2821]
  [RFC2822]



Authors

   Meng Weng Wong
   Singapore
   mengwong+spf@pobox.com

   Mark Lentczner
   1209 Villa Street
   Mountain View, CA 94041
   United States of America
   markl@glyphic.com