ietf-mxcomp

Re: SPF PASS (was: "If you believe that the SPF concept is fundamentally flawed, please subscribe at http://www.imc.org/ietf-mxcomp/")

2005-05-26 09:20:49

On Thu, 26 May 2005, Carl Hutzler wrote:

I wish there was a way to utilize the relatively large number of SPF records in a technology like CSV.

We could easily write EHLO guidelines for SPF record checking and
publishing as a separate document, kind of like a BCP. In fact I'll keep
this in mind and bring it up on spf-discuss when things are
a little more calm from current spf-classic draft discussions.

----

BTW - while we're talking about it, here is an algorithm for you to test:

1. Check if EHLO name is delegated in DNS, if so go to #2, otherwise
   skip to the end with result of UNKNOWN
2. Check if EHLO name has corresponding "A" record and if so go to #3
   else go to #4
3. Check if "A" record points to the ip of SMTP client, if so result
   is PASS, smile and skip to the end. Otherwise proceed to #4
4. Check if EHLO name has an SPF record. If it does, go to #5,
   otherwise go to #7
5. Try to do SPF test against EHLO name and client ip.
    If result is SPF pass, take it as PASS, smile and skip to the end.
    If result is SPF fail, take it as FAIL and skip to the end
    If result is SPF softfail, go to #6
    If result is SPF neutral or something else, take it as UNKNOWN and
    skip to the end
6. Check if EHLO name has one or more MX records. If it has none, then
   result is FAIL, skip to the end. Otherwise result is UNKNOWN.
   [If it has an MX, it's a good indication the name is used as a domain
    and not as a host - most hosts do not have an assigned MX]
7. If EHLO name is not a TLD then cut down the first component of the name
   (i.e. for "host.example.com", cut down "host" to make it "example.com").
   Take this new cut name as if it was the original EHLO name and proceed to #4
8. THE END

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
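
The eight-step EHLO check above, written out in Python as an added example (not code from the original message). DNS and SPF lookups are replaced by a constructed in-memory table `ZONES`; the names `check_ehlo`, `parents` and `is_delegated`, the table-based delegation test, and returning UNKNOWN when the TLD is reached without an SPF record are assumptions.

```python
PASS, FAIL, UNKNOWN = "PASS", "FAIL", "UNKNOWN"

# Constructed sample data standing in for DNS and an SPF evaluator.
# "spf" maps a client IP to the SPF result for it ("*" is the default).
ZONES = {
    "mail.example.com": {"a": ["192.0.2.10"]},
    "example.com": {"mx": ["mail.example.com"],
                    "spf": {"192.0.2.20": "pass", "*": "softfail"}},
    "host.example.org": {"spf": {"*": "softfail"}},  # no MX: looks like a host
    "example.net": {"spf": {"*": "fail"}},
}

def parents(name):
    """Yield the name, then each shorter parent name, down to the TLD."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def is_delegated(name, zones):
    # Assumption: "delegated" means the name or one of its parents has data
    # in the table; a real check would look for NS/SOA records.
    return any(p in zones for p in parents(name))

def check_ehlo(ehlo, client_ip, zones=ZONES):
    ehlo = ehlo.lower().rstrip(".")
    if not is_delegated(ehlo, zones):                  # step 1
        return UNKNOWN
    if client_ip in zones.get(ehlo, {}).get("a", []):  # steps 2 and 3
        return PASS
    for name in parents(ehlo):                         # step 4, repeated by step 7
        rec = zones.get(name, {})
        if "spf" not in rec:
            continue                                   # step 7: cut one label
        spf = rec["spf"]
        result = spf.get(client_ip, spf.get("*", "neutral"))  # step 5
        if result == "pass":
            return PASS
        if result == "fail":
            return FAIL
        if result == "softfail":                       # step 6: MX decides
            return UNKNOWN if rec.get("mx") else FAIL
        return UNKNOWN                                 # neutral or anything else
    # Assumption: the message names no result once the TLD has been tried.
    return UNKNOWN
```
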

