On Fri, 8 Jul 2005, John Hinton wrote:
For comparison, I "guess" the following default record for any domain
with no SPF record: "v=spf1 a mx ptr ?all".
I'm not sure I follow the reasoning in the above example.. are you
saying to put in 'a mx ptr' with no additional information, or saying to
put in domain info like:
a:example.com mx:example.com ptr:example.com
Which seems to me would/could break things badly?
If you have:
example.com IN TXT "v=spf1 a mx ptr ?all"
Then that is equivalent to:
example.com IN TXT "v=spf1 a:example.com mx:example.com ptr:example.com ?all"
and
example.org IN TXT "v=spf1 a:example.org mx:example.org ptr:example.org ?all"
With no arg, the a,mx,ptr mechanisms default to the domain being evaluated.
So, all the MX servers are allowed to send outgoing mail.
For instance, mail.example.com is allowed. And all servers
with a name available via reverse DNS that ends in .example.com
(e.g. smtpout.example.com) are allowed.
Since the default is ?all, no mail will be rejected, and nothing will
break. You can use the same record for all your customers. If you
can *automatically* add additional info, then go for it.
If your customer wants a -all default, they will have to determine
*all* of their outging MTAs for the domain - or else pay you to do
the research.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.