Re: Options for the ID Command

On Tue, 17 May 2005 16:42:27 PDT, David MacQuigg said:

>     ID  bigforwarder.com
>     MAIL FROM:<bob(_at_)sales(_dot_)some-company(_dot_)com>
>
> Checking the TXT record at _AUTH.bigforwarder.com.ID-check.net gets a 
> response:
>
>     svc=S1:A,M2:A,H1+:B  dmn=QR1,SPF1+5,DK2
>     QR1=ip4:?170(24.30.23;24.28.200;24.28.204;24.30.18;24.93.47;24.25.9),
>       +4(65.24.5.120;24.94.166.28;24.29.109.84;66.75.162.68;24.24.2.12)
>     DK2=dk:MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5
>       o6lMIgulclWjZwP56LRqdg5ZX15bhc/GsvW8xW/R5Sh1NnkJNyL/cqY1a+GzzL47t7
>       EXzVc+nRLWT1kwTvFNGIoAUsFUq+J6+OprwIDAQAB
>
> The supported methods are QR1, SPF1, and DK2.  QR1 makes no demands on any 
> other identities.  It just says "Any IP outside these blocks is not 
> us."  SPF1 requires that either the MAIL FROM or the HELO identity match 
> the declared Identity, and DK2 calls for a signature check using the public 
> key provided in this record.
You're *still* missing the point.  All you've done is pushed it into a *huge* 
DNS
record.  Or multiple huge DNS entries, more likely.

Describe how to configure this to support the following:

1) 3 domains test1.com through test3.com, which could each be sourced from
either mail-out.testN.com or bigforwarder.com. Test1.com and test2.com support 
SPF, test3.com doesnt..
In addition, test1 and test3 support your AUTH scheme, but test2.com doesnt.

2) In addition, bigforwarder.com is the only host for test4.net through 
test6.net, each
of which has a separate DomainKey.

How many _AUTH entries did you need here?

OK. That too simple?

Describe how to do it for Postini or Comcast.

pgptIqVaMz6LZ.pgp
Description: PGP signature