--On 1 July 2009 11:12:13 -0400 Dotzero <dotzero(_at_)gmail(_dot_)com> wrote:
On Wed, Jul 1, 2009 at 11:00 AM, John Leslie<john(_at_)jlc(_dot_)net> wrote:
That's closer... But I'd argue that no SPF construct "authorizes"
sending email. In practice, I think it's quite clear that SPF constructs
merely express probabilities.
What is the probability that you will receive legitimate email
originating from ibm.com?
ibm.com text = "v=spf1 -all"
Nil. They don't use the domain for outbound email. They use country
specific subdomains like @uk.ibm.com.
I'm not sure why they publish MX records for @ibm.com - perhaps they have
some initial contact addresses @ibm.com, but don't reply using that domain.
It's very sensible of them to use the -all spf record, adding a little
protection for their brand reputation.
Alternatively, this is a massive cock-up and a huge potential
embarrassment. I don't think so, though. Our logs from June show no inbound
email (either accepted or rejected) from the @ibm.com domain, but
a few dozen emails from @uk.ibm.com and some from the 'be', 'ca', 'us',
'jp', 'hu' subdomains of ibm.com.
Exercise for the reader: why aren't spammers using the @ibm.com domain?
IT Services, University of Sussex
For new support requests, see http://www.sussex.ac.uk/its/help/
Asrg mailing list