Re: SPF and HELO, was Re: SPF PASS
2005-05-26 12:12:50
wayne wrote:
In <20050526142311(_dot_)O9890(_at_)simone(_dot_)iecc(_dot_)com> "John L"
<johnl(_at_)iecc(_dot_)com> writes:
Yeah. Too bad that among SPF's many flaws is that it completely
confuses the HELO domain and the MAIL FROM domain
No it does not. It checks each independently. See my previous post
to your question.
Could you show me the SPF records I would use to indicate that
mta.example,com is valid as an EHLO but not as a bounce address domain
while example.com is a valid bounce address domain but not an EHLO.
If it'll help, assume they both have an A record of 12.34.56.78.
I'll start off by not answering your quesiton. ;-)
Personally, I would recommend just publishing these SPF records:
example.com TXT "v=spf a -all"
mta.example.com TXT "v=spf a -all"
If you trust the host 12.34.56.78 enough to authorize it to use both
the example.com and mta.example.com domain names, why wouldn't you
trust it enough to use them in the right context?
Ok, now I'll actually answer your question:
example.com TXT "v=spf1 redirect=%{i}._spf.%{d}"
postmaster._spf.example.com TXT "v=spf1 -all"
*._spf.example.com TXT "v=spf1 a -all"
mta.example.com TXT "v=spf1 redirect=%{i}._spf.%{d}"
postmaster._spf.mta.example.com TXT "v=spf1 a -all"
*._spf.mta.example.com TXT "v=spf1 -all"
ugly as sin, and it means that you can't send email using the
postmaster local part, but other wise it works and is well defined
back to Dec 2003 (or earlier).
I stand corrected, it can be done with SPFv1, hats off to Wayne (and I
am going to keep this one for myself to use :)
BTW Ugly as sin is irrelevant, once setup only computers need to read
it, and it can be as ugly and cryptic as necessary, as long as *it works*.
Terry
-wayne
--
Terry Fielder
terry(_at_)greatgulfhomes(_dot_)com
Associate Director Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
Fax: (416) 441-9085
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: SPF and HELO, was Re: SPF PASS (was: "If you believe that the SPF concept is fundamentally flawed, please subscribe at http://www.imc.org/ietf-mxcomp/"), (continued)
- Re: SPF and HELO, was Re: SPF PASS (was: "If you believe that the SPF concept is fundamentally flawed, please subscribe at http://www.imc.org/ietf-mxcomp/"), John Levine
- Re: SPF and HELO, was Re: SPF PASS, Terry Fielder
- Re: SPF and HELO, was Re: SPF PASS, John L
- Re: SPF and HELO, was Re: SPF PASS, Terry Fielder
- Re: SPF and HELO, was Re: SPF PASS, John L
- Re: SPF and HELO, was Re: SPF PASS, Terry Fielder
- Re: SPF and HELO, was Re: SPF PASS, wayne
- Re: SPF and HELO, was Re: SPF PASS,
Terry Fielder <=
- Re: SPF and HELO, was Re: SPF PASS, wayne
- Re: SPF and HELO, Julian Mehnle
- Re: SPF and HELO, was Re: SPF PASS (was: "If you believe that the SPF concept is fundamentally flawed, please subscribe at http://www.imc.org/ietf-mxcomp/"), Julian Mehnle
- Re: SPF PASS (was: "If you believe that the SPF concept is fundam entally flawed, please subscribe at http://www.imc.org/ietf-mxcomp/"), william(at)elan.net
- Re: SPF PASS (was: "If you believe that the SPF concept is fundam entally flawed, please subscribe at http://www.imc.org/ietf-mxcomp/"), John Levine
- Re: SPF PASS, Terry Fielder
- Re: SPF PASS, william(at)elan.net
- Re: SPF PASS, Terry Fielder
- HELO and MAIL FROM are separate identities; reputation on a per-domain basis instead of per-IP (was: SPF PASS), Julian Mehnle
- Re: SPF PASS, Frank Ellermann
|
|
|