Douglas Otis wrote:
Both wildcard and non-wildcard records need to be placed at _every_
valid node existing within the zone.
Yes, thanks for the correction, the wildcard counts as "at", not as
"below". I had that wrong. But the opposite was hopefully okay, a
wildcard above an existing node isn't visible at or below this node.
IOW to cover everything below x.example you'd need wildcards at all
existing nodes below x plus x itself. For SPF it was simpler to
ignore the issue, nodes without MX and without IP anyway can't send
mail, or rather they can try, but it's possible to reject this crap.
For SPF you only need wildcards where they already are (MX, A, or
AAAA).
No recipe for SSP unfortunately, nobody checks 2822-From addresses
for plausibility at the MX, rejecting anything that can't be okay.
Frank
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html