ietf-asrg

Re: [Asrg] misconception in SPF

2012-12-07 12:19:16
On 12/07, Paul Smith wrote:
As a random thought, would there be the possibility to add some sort of
marker on a parent domain to say 'we understand MX records, so we don't use
A records for mail within this domain'? So, if you receive mail from
'bibble.twitter.com', you check the TXT records for 'twitter.com' which tell
you that subdomains/hosts without an MX record won't have mail, and since
there isn't an MX record for 'bibble.twitter.com', you can reject it/treat
it as spoofed.

Same as above. MX for bibble.twitter.com is only to receive emails.
Nothing prevents someone@bibble.twitter.com from sending unless you put a
TXT "v=spf1 -all" for it!

But it would help tremendously, without needing to add SPF records
for each host in a domain.

This is because there would be no MX record for
'bibble.twitter.com', so you could assume (because of this 'new
rule') that that sender email address is invalid, because there is
no way of replying to it.

Yes, the MX is for receiving mail only, according to the SMTP
standard, BUT if you work on the assumption that you have to be able
to reply to the sender (which is a common enough assumption), then
it ALSO has to be valid for sending mail.

I think this makes sense, but I think it would make more sense if there was
a way to just specify in the SPF record for, for example, twitter.com, that
all legit senders for all subdomains are included in the highest level SPF
record.  

I don't know, I'm not a huge fan of SPF at this point, I'm not sure it's
worth the work.  

-- 
"Forget not that the earth delights to feel your bare feet and the winds
long to play with your hair." - Kahlil Gibran
http://www.ChaosReigns.com
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
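
The two approaches discussed in this thread, side by side, as an added example that is not part of any poster's message: SPF is looked up at the exact sender domain only, so a host with no record of its own evaluates to `none`, while the proposed parent marker would cover every host that lacks an MX. The zone data is constructed, and the marker string `v=mxonly1` is a hypothetical placeholder because the thread defines no syntax for it.

```python
import ipaddress

MARKER = "v=mxonly1"  # hypothetical marker; no such record type is defined in the thread
# Constructed zone data, not real DNS answers. bibble.twitter.com has no records.
ZONE = {
    "twitter.com": {"MX": ["mx.twitter.com"],
                    "TXT": ["v=spf1 ip4:192.0.2.0/24 -all", MARKER]},
    "lists.twitter.com": {"MX": ["mx.twitter.com"], "TXT": []},
    "locked.twitter.com": {"TXT": ["v=spf1 -all"]},
}

def records(name, rtype, zone=ZONE):
    return zone.get(name, {}).get(rtype, [])

def spf_check(domain, client_ip, zone=ZONE):
    """Minimal SPF evaluation (ip4 and all only) at the exact sender domain."""
    spf = [t for t in records(domain, "TXT", zone) if t.startswith("v=spf1")]
    if not spf:
        return "none"  # nothing is inherited from the parent domain
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return results[qualifier]
        if mech.startswith("ip4:"):
            net = ipaddress.ip_network(mech[4:])
            if ipaddress.ip_address(client_ip) in net:
                return results[qualifier]
    return "neutral"

def parent_rule_check(domain, zone=ZONE):
    """Proposed rule: if a parent publishes the marker, a name without MX sends no mail."""
    labels = domain.split(".")
    for i in range(1, len(labels) - 1):  # walk parents, stopping before the TLD
        parent = ".".join(labels[i:])
        if MARKER in records(parent, "TXT", zone):
            return "accept" if records(domain, "MX", zone) else "reject"
    return "no-policy"

if __name__ == "__main__":
    for host in ("bibble.twitter.com", "lists.twitter.com", "locked.twitter.com"):
        print(host, spf_check(host, "203.0.113.9"), parent_rule_check(host))
```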