Home | Sitemap | Recent Changes | Login

SPF Logo

Sender Policy Framework

History/SPF-2003

The idea that became the core of SPF was first intoduced in 1997 and developed as RMX and DMP drafts in 2002 and early 2003, you can read more about these events here.

SPF Project history starts in June 2003 and you can read on this page how in 2003 SPF protocol was developed from its origin with DMP into comprehensive v=spf1 syntax:


June 10 2003 - Meng Weng Wong starts SPF-discuss mail list
In June 2003 Meng Weng Wong posted the very first version of "Sender Permitted From" as a first message on new mail list. This text is clearly a derivitive of DMP (90% same text as version 02 of dsprotocol draft with version incrimented to 03 for SPF). The format of SPF record is then:
${ADDRESS}.${ADDR-TYPE}._smtp_client.${DOMAINNAME}. TXT "spf=allow"
New additions not found in DMP are introduction of redirection by means of MX records:
*._smtp_client.${DOMAINNAME}. MX 0 ${OTHERDOMAINNAME}
and "SPF-Received" header field (not really describeed that well) and reference to Sender Rewriting Scheme at web address http://spf.pobox.com/srs/ (this was started by Meng a bit earlier then SPF itself).
The last version of SPF draft designed entirely as extension of DMP is still available on SPF website as draft-fecyk-dsprotocol-03.txt
August 2003
August 18, 2003 – "mx operator" option proposed by Wayne Schlitt
This maybe the first post by Wayne Schlitt to SPF, he introduces idea of what later become SPF "mx" operator. Proposed syntax is: *._smtp_client TXT "spf=mx-only"
August 19, 2003 – "spf include" option proposed by David Saez
David Saez introduces "spf-include" option which also served as a start of when SPF become more then just "spf=allow" syntax. Proposed syntax is: spf-include = otherdomain.com
September 2003
The ideas for multiple operator options are slowly taking shape and in this post you can now see "mx", "a" and a default (i.e. "all") operators: "permit:mx; permit:a=designated-mailers.DOMAIN; permit:spf; include:OTHERDOMAIN; deny:default". At the same time as you can see from the message ASRG is proposing coordinated effort to unify all "MAIL FROM" proposals merging ideas from all authors.
October 2003
October 1, 2003 - Start of ASRG MAIL FROM proposals unification effort
Meng lets people on spf-discuss know that he agreed to merge SPF into unified proposal for checking MAIL FROM to be developed under as part of ASRG. However development effort on SPF itself continues as spf-discuss is a public discussion list open to all where as ASRG was trying to do this as private discussion group with only published draft authors participating.
October 8, 2003 - Use of new RR instead of TXT proposed
Paul Wouters urges to use new DNS RR type instead of overloading TXT record. Meng ten days later also says SPF needs new RR type: [1]
October 10, 2003 - SPF begins to resemble what you now know as v=spf1
Meng Weng Wong posts new concept unifying ideas posted by people on the list over previous 2 months and then syntax begins to look more like SPF (v=spf1) you see today.
Among the things mentioned are:
  • "v=spf1" to indicate SPF "policy" record in TXT SPF records are to be placed in specially reserved for its purposes prefix policy._smtp_client.domain.com instead of DMP style $ip.in-addr._smtp_client.domain.com
  • SPF directives in the "v=spf1" record are described as "[Negation] Mechanism ... [Scope] Default [Explanation]" (Scope, Default, Explanation are called modifiers, everything else before that are mechanisms).
    • The list of mechanism at the time is :
      MX | A | PTR | DNSL | IPv4 | IPv6 | INCLUDE | LocalPart
    • Scope modifer is described as
      scope: "envelope" | "header-from" | "errors-to"
    • Default values are described in more detail and now include:
      "softdeny" (which we know know as "~" softfail) | "unknown" | "deny" | "allow"
  • Explanation ("exp=") is added as one of SPF modifiers
An example of SPF record proposed at that time is:
"v=spf1 mx ptr:example.net dnsl:example.com default=deny exp=test of SPF"
 
       Wayne says SPF records can be used for things other then just email

http://archives.listbox.com/spf-discuss@v2.listbox.com/200310/0205.html

       On Oct 18 2003 Meng posts latest version of new SPF draft which
       described full concept he introduced on Oct 10th (see above):

http://archives.listbox.com/spf-discuss@v2.listbox.com/200310/0275.html

       Of interest of what is mentioned there are:
         Scope = [ 'envelope' / 'header-from' / 'errors-to' ]
           (note: possibility of EHLO prefix is also mentioned in document)
         Mechanism = [mechanism-prefix ]
                     ( MX / A / PTR / PI / IP4 / IP6 / Include /
                       LocalPart / Extension )
         Mechanism-prefix = ( "+" / "-" / "!" / "?" )
         Default value can be full name can be short mechanism-prefix:
             "v=spf1 default=deny" OR "v=spf1 default=!"
             "v=spf1 default=softdeny" OR "v=spf1 default=-"
             "v=spf1 default=unknown" OR "v=spf1 default=?"
             "v=spf1 default=allow" OR "v=spf1 default=+"
         Received-SPF header is specified with 5 possible values:
             pass, error, unknown, fail, softfail
         "_smtp_client" prefix is now used for placement of SPF records
         Also here is example of what LocalPart meant then:
           LocalPart of "rlp=+- bob+foo-bar@example.com" would resolve to
           bar.foo.bob.lp._smtp_client.example.com
       On Oct 18 Mark Lentzner joined SPF and he immediatly had number of
                 comments in regards to irregularities with proposed syntax

http://archives.listbox.com/spf-discuss@v2.listbox.com/200310/0276.html

http://archives.listbox.com/spf-discuss@v2.listbox.com/200310/0278.html

         As a result of his comments and irregularities in text Meng
         changed it so that checks are now done directly at domain
         instead of _smtp_client prefix
       On Oct 27 2003 Philip Gladstone introduces idea of macros as
                      a replacement for LocalPart syntax:

http://archives.listbox.com/spf-discuss@v2.listbox.com/200310/0465.html

       As a result of the Oct 18th posted draft there are lots and lots of
       suggestions of how it could be improved - October 2003 was a busy
       month for SPF based on archives. I have read < 10%, but it clearly
       appears the real birth of what is now SPF was in that month.
       Meng also mentioned that new syntax in the way he introduced it is
       primarily result of his talks during RMX unification effort at ASRG:

http://archives.listbox.com/spf-discuss@v2.listbox.com/200310/0389.html


As you can find in the next history page describing start of SPF project in 2003, the first version of SPF looked very much like above DMP draft.


Edit text of this page | View other revisions
Last edited 2006-05-16 2:46 (UTC) by Julian Mehnle (diff)