2012/12/10 Chris Lewis <clewis+ietf(_at_)mustelids(_dot_)ca>:
You mean like this?
_spf.google.com. 300 IN TXT "v=spf1 include:_netblocks.google.com ?all"
Google's domain for sending mail is gmail.com.
gmail.com is a virtual domain with no subdomains (afaik) and is mapped
onto google, so if you check the senders, no aa(_at_)bb(_dot_)gmail(_dot_)com
could pass, whether using SPF or not.
as you said, if you dig:
dig -t txt gmail.com
;; ANSWER SECTION:
gmail.com. 244 IN TXT "v=spf1 redirect=_spf.google.com"
dig -t txt _spf.google.com
;; ANSWER SECTION:
_spf.google.com. 300 IN TXT "v=spf1 include:_netblocks.google.com ?all"
if you dig a bit more:
dig -t txt www.google.com
you get no answer because there is no SPF record for www.google.com,
so you can forge emails as if they come from www.google.com even if
there exists an SPF record for google.com!
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
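
Added example (not part of the original message): a minimal Python evaluator for the SPF terms that appear in the records quoted above, run against a constructed in-memory zone instead of live DNS. The `_netblocks.google.com` record and the IP addresses are made-up placeholders from documentation ranges, and `check_host` is a hypothetical helper covering only `ip4`, `include`, `all` and `redirect`.

```python
import ipaddress

# Constructed zone data. The gmail.com and _spf.google.com records are the
# ones quoted in the message; the _netblocks record is a made-up placeholder
# using a documentation range. www.google.com is absent (no TXT answer).
ZONE = {
    "gmail.com": "v=spf1 redirect=_spf.google.com",
    "_spf.google.com": "v=spf1 include:_netblocks.google.com ?all",
    "_netblocks.google.com": "v=spf1 ip4:192.0.2.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, depth=0):
    """Evaluate a subset of RFC 7208 (ip4, include, all, redirect)."""
    record = ZONE.get(domain.lower().rstrip("."))
    if record is None:
        return "none"                      # no SPF policy published
    if depth > 10:
        return "permerror"                 # DNS lookup limit exceeded
    redirect = None
    for term in record.split()[1:]:        # skip the "v=spf1" version tag
        if term.startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"         # include target must have a policy
            matched = inner == "pass"      # only "pass" counts as a match
        else:
            return "permerror"             # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:                           # used only when nothing matched
        result = check_host(ip, redirect, depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"

if __name__ == "__main__":
    for host in ("gmail.com", "www.google.com"):
        for ip in ("192.0.2.10", "198.51.100.7"):
            print(host, ip, check_host(ip, host))
```

A hostname with no TXT record evaluates to `none`, and an address outside the listed range gets `neutral` from `?all`, so in both cases the receiver has no SPF basis to reject and has to rely on other checks.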