ietf-asrg

Re: [Asrg] misconception in SPF

2012-12-07 10:23:13
2012/12/7 Paul Smith <paul(_at_)pscs(_dot_)co(_dot_)uk>:

This problem is really due to the (IMHO horrible) allowance for an A record
to be sufficient for mail delivery. However, it would be quite hard to
remove that allowance nowadays. I don't know the stats for how many email
addresses use A records for delivery rather than MX, but I'd guess it's a
significant number.

I think you are confused about the MX on the receiver side and the A
record of the sender!
Mails are sent to the MX for a domain, but the sender does not have to
have an MX record to send!

The problem here is that the sender uses a forged address which has an
A record. What you said is that the recipient should not be an A
record and should be an MX. They are two different things!

As a random thought, would there be the possibility to add some sort of
marker on a parent domain to say 'we understand MX records, so we don't use
A records for mail within this domain'? So, if you receive mail from
'bibble.twitter.com', you check the TXT records for 'twitter.com' which tell
you that subdomains/hosts without an MX record won't have mail, and since
there isn't an MX record for 'bibble.twitter.com', you can reject it/treat
it as spoofed.

Same as above. The MX for bibble.twitter.com is only to receive emails.
Nothing prevents someone@bibble.twitter.com from sending unless you put a
TXT "v=spf1 -all" for it!
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
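
Added example, not part of the original message or the list archive: a small Python audit of the point made in the reply above, that SPF is looked up at the exact sender domain, with no inheritance from the parent and no dependence on whether an MX record exists. The zone data and the example.com names are constructed, and the policy classification is a simplification that does not evaluate include or redirect.

```python
# Constructed sample zone: name -> record type -> values (not data from the thread).
ZONE = {
    "example.com":        {"A": ["192.0.2.10"], "MX": ["10 mail.example.com"],
                           "TXT": ["v=spf1 mx -all"]},
    "mail.example.com":   {"A": ["192.0.2.25"], "TXT": ["v=spf1 a -all"]},
    "www.example.com":    {"A": ["192.0.2.80"], "TXT": ["v=spf1 -all"]},
    "bibble.example.com": {"A": ["192.0.2.99"]},                      # no MX, no SPF
    "news.example.com":   {"A": ["192.0.2.50"], "MX": ["10 mail.example.com"],
                           "TXT": ["site-verification=constructed"]},  # MX, no SPF
}

def spf_records(name, zone):
    """SPF TXT records published at exactly this name (parent records do not apply)."""
    txts = zone.get(name, {}).get("TXT", [])
    return [t for t in txts
            if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]

def sender_policy(name, zone):
    """Classify what a receiver can conclude from SPF for mail claiming this domain."""
    recs = spf_records(name, zone)
    if not recs:
        return "none"            # receiver gets no SPF verdict, forged mail passes this check
    if len(recs) > 1:
        return "permerror"       # more than one SPF record is a publishing error
    terms = recs[0].lower().split()[1:]
    if terms == ["-all"]:
        return "sends-no-mail"   # the 'v=spf1 -all' record from the reply
    if "-all" in terms:
        return "restricted"      # only the listed sources are authorised
    return "weak"                # ~all, ?all or no 'all' term: no hard fail

def audit(zone):
    """Return (name, has_mx, policy) per name; has_mx is shown only for comparison."""
    return [(n, "MX" in zone[n], sender_policy(n, zone)) for n in sorted(zone)]

def unprotected(zone):
    """Names a forger can use as a sender domain without an SPF fail."""
    return [n for n, _has_mx, policy in audit(zone) if policy == "none"]

if __name__ == "__main__":
    for name, has_mx, policy in audit(ZONE):
        print(f"{name:22} MX={has_mx!s:5} SPF policy={policy}")
    print("needs an SPF record:", ", ".join(unprotected(ZONE)))
```

In the constructed zone, news.example.com has an MX record and bibble.example.com has none, yet both come out unprotected because neither publishes its own SPF record.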