Phillip brings up a very good point here because if the desire for
wildcards is to make it easy for sites to indicate where mail *does not*
come from for hosts under their domain, then this application is pretty
moot because every sane MTA on the planet /already/ rejects mail for which
there is no resolvable FQDN (why bother accepting a message if you know up
front you couldn't ever reply to it).

On Thu, 26 Aug 2004, Hallam-Baker, Phillip wrote:
While David is right, there is also the corollary that *.example.com
will only match nodes that do not exist at all. So there are two issues:
do wildcards work as expected, and is the wildcard useful at all. The matching
behavior means that the wildcard is not useful for the use cases given.
i.e. if we have

    *.example.com. IN TXT "v=spf1 ..."

it will match _marid.b.example.com, b.example.com but not a.example.com
regardless of whether a has TXT records or not.
So you can't use a wildcard to give a default SPF record for DNS
names of hosts that exist. Only the hosts that don't exist will match.
I don't know what happens for _marid.a.example.com, I think it should
not match but one of the DNS people can say for sure.
If _marid.a.example.com did match the wildcard then it would be a way
to make the wildcards useful.
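
The wildcard matching discussed in this thread, as an added example that is not part of the original messages: a simplified single-zone lookup following the wildcard rules of RFC 1034 section 4.3.3 (as clarified by RFC 4592), ignoring CNAMEs and delegations. The zone contents, the SPF string and the function names are constructed for illustration.

```python
# Constructed zone: a.example.com exists (A record only), b.example.com does not.
ZONE = {
    "example.com.":   {"SOA": ["(constructed)"]},
    "a.example.com.": {"A": ["192.0.2.1"]},
    "*.example.com.": {"TXT": ["v=spf1 -all"]},   # constructed SPF value
}

def labels(name):
    return name.rstrip(".").lower().split(".")

def exists(zone, name):
    """A node exists if it owns records or has a descendant that does
    (an empty non-terminal also blocks wildcard synthesis)."""
    n = labels(name)
    return any(labels(owner)[-len(n):] == n for owner in zone)

def resolve(zone, qname, qtype):
    """Return (status, rdata) for a query inside one zone."""
    q = labels(qname)
    if exists(zone, qname):
        # Existing node: the wildcard is never consulted, even if the
        # node has no records of the requested type.
        rrs = zone.get(".".join(q) + ".", {}).get(qtype, [])
        return ("ANSWER" if rrs else "NODATA", rrs)
    # Closest encloser: the longest existing ancestor of qname.
    for i in range(1, len(q)):
        encloser = ".".join(q[i:]) + "."
        if exists(zone, encloser):
            break
    else:
        return ("NXDOMAIN", [])          # name is outside this zone
    # Only "*.<closest encloser>" may synthesize an answer.
    source = "*." + encloser
    if source not in zone:
        return ("NXDOMAIN", [])
    rrs = zone[source].get(qtype, [])
    return ("WILDCARD" if rrs else "NODATA", rrs)

if __name__ == "__main__":
    for name in ("b.example.com.", "_marid.b.example.com.",
                 "a.example.com.", "_marid.a.example.com."):
        print(f"{name:24} TXT -> {resolve(ZONE, name, 'TXT')}")
```

Under these rules the closest encloser of _marid.a.example.com is a.example.com, so only a record at *.a.example.com could answer that query; the wildcard at *.example.com does not apply.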