ietf-asrg

Re: [Asrg] misconception in SPF

2012-12-06 14:35:05

On Dec 6, 2012 at 16:05 -0300, Christian Grunfeld wrote:
=>Something I found about SPF. I don't know if it is new to you but it
=>is worth an explanation!
=>
=>As in all the tutorials of SPF, one stays relaxed when one lists hosts/IPs
=>that are authorized to send for the domain and then finally closes
=>with -all. This is true only for that domain but if there are hosts or
=>subdomains with A records, they must enforce SPF policies! (This is
=>not explicit in the RFC or at least confusing.)

See <http://www.openspf.org/FAQ/The_demon_question> and
<http://www.openspf.org/FAQ/Common_mistakes#all-domains>




Note I have not followed the above at $WORKPLACE or my personal domains, 
because I would also want to follow RFC 6652 - Sender Policy Framework 
(SPF) Authentication Failure Reporting Using the Abuse Reporting Format.  
The problem is I don't want to publish MX records on all of the domains
and then configure the MX server to handle the thousands of new 
"domains" to support the ra modifier since it (ra) can't specify the 
domain part.  (I understand why it was done this way, but don't see how 
it scales with this issue (SPF for non-mail-sending domains).)


-- 
***********************************************************************
Derek Diget                            Office of Information Technology
Western Michigan University - Kalamazoo  Michigan  USA - www.wmich.edu/
***********************************************************************
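
An added example, not part of either post: a small audit for the point discussed above, that SPF is looked up per exact name, so a policy at the domain apex does not cover hosts and subdomains that have their own address records. The zone text and example.org names are constructed, and treating "v=spf1 -all" as the right record for every uncovered name is an assumption that holds only for names that never send mail.

```python
# Added example: list names with A/AAAA records but no SPF TXT record of their own.
ZONE = """\
; constructed sample zone, not real data
example.org.        IN MX   10 mail.example.org.
example.org.        IN TXT  "v=spf1 mx -all"
example.org.        IN A    192.0.2.10
mail.example.org.   IN A    192.0.2.25
mail.example.org.   IN TXT  "v=spf1 a -all"
www.example.org.    IN A    192.0.2.80
www.example.org.    IN TXT  "google-site-verification=constructed"
ftp.example.org.    IN AAAA 2001:db8::21
"""

def parse_zone(text):
    """Yield (owner, type, rdata) from one-line 'owner IN TYPE rdata' records.
    Simplification: ';' always starts a comment, so TXT data containing ';'
    is not supported by this sketch."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        yield owner.lower().rstrip("."), rtype.upper(), rdata.strip()

def is_spf(rdata):
    """True if the TXT data is an SPF record (version tag exactly 'v=spf1')."""
    txt = rdata.replace('" "', "").strip('"').lower()
    return txt == "v=spf1" or txt.startswith("v=spf1 ")

def names_missing_spf(text):
    """Names that resolve to an address but publish no SPF policy."""
    addr, spf = set(), set()
    for owner, rtype, rdata in parse_zone(text):
        if rtype in ("A", "AAAA"):
            addr.add(owner)
        elif rtype == "TXT" and is_spf(rdata):
            spf.add(owner)
    return sorted(addr - spf)

def null_spf_records(text):
    """Candidate records for uncovered names (assumes they never send mail)."""
    return ['%s. IN TXT "v=spf1 -all"' % n for n in names_missing_spf(text)]

if __name__ == "__main__":
    print("\n".join(null_spf_records(ZONE)))
```

A name that has some other TXT record (www.example.org here) still counts as uncovered, because only a TXT record beginning with the v=spf1 version tag is an SPF policy.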