On Thu, Oct 16, 2003 at 04:49:07PM -0500, wayne wrote:
|
| Option two: Domain owners could add "!dnsl:wl.trusted-forwarder.org"
| to their SPF specs. They could also add any other DNSWLs that they
| trust to be well maintained.
|
This would be the preferred option; hardcoding things into libraries is
so blah. On one hand it'll be hard to get domains to add that to their
lookups; on the other hand I worry about the VeriSign scenario. Is
there a better way?
In an ideal world we could give the "legit forgers" a clearly defined
termination date by which time they have to switch to a new way of doing
things. Until that date we'd all do "softdeny" instead of "deny". But
that's not realistic. Tough problem.
Also, finding out who the legit forwarders are, and reaching and
educating them, will be a challenge. We need the media on our side.
The philly.com "email me this article" isn't such a big deal but people
really care about eBay.
* * *
BTW, I am renaming the "dnsl" mechanism to save a byte or two.
The new name is "PI".
It stands for "reversed IP".
No, really!
* * *
Latest news: I am publishing new-style records locally to test the new
version of Mail::SPF::Query against. In TinyDNS I have:
'policy._smtp_client.01.spf1-test.mailzone.com:v=spf1
:60
'policy._smtp_client.02.spf1-test.mailzone.com:v=spf1
default=deny :60
'policy._smtp_client.03.spf1-test.mailzone.com:v=spf1
default=softdeny:60
'policy._smtp_client.05.spf1-test.mailzone.com:v=spf1
default=bogus :60
'policy._smtp_client.06.spf1-test.mailzone.com:v=spf1
default=unknown :60
'policy._smtp_client.07.spf1-test.mailzone.com:v=spf2
default=bogus :60
'policy._smtp_client.10.spf1-test.mailzone.com:v=spf1 mx
default=softdeny:60
'policy._smtp_client.11.spf1-test.mailzone.com:v=spf1 mx:pobox.com
default=softdeny:60
'policy._smtp_client.12.spf1-test.mailzone.com:v=spf1 mx mx:pobox.com
default=softdeny:60
'policy._smtp_client.13.spf1-test.mailzone.com:v=spf1 mx:pobox.com
mx:fallback-relay.pobox.com default=softdeny:60
'policy._smtp_client.14.spf1-test.mailzone.com:v=spf1 mx mx:pobox.com
mx:fallback-relay.pobox.com default=softdeny:60
'policy._smtp_client.20.spf1-test.mailzone.com:v=spf1 a
default=softdeny:60
'policy._smtp_client.21.spf1-test.mailzone.com:v=spf1 a:pobox.com
default=softdeny:60
'policy._smtp_client.22.spf1-test.mailzone.com:v=spf1 a a:pobox.com
default=softdeny:60
'policy._smtp_client.30.spf1-test.mailzone.com:v=spf1 ptr
default=softdeny:60
'policy._smtp_client.31.spf1-test.mailzone.com:v=spf1 ptr:pobox.com
default=softdeny:60
'policy._smtp_client.32.spf1-test.mailzone.com:v=spf1 ptr ptr:pobox.com
default=softdeny:60
'policy._smtp_client.40.spf1-test.mailzone.com:v=spf1 pi
default=softdeny:60
'policy._smtp_client.41.spf1-test.mailzone.com:v=spf1
pi:_smtp_client.pobox.com default=softdeny:60
'policy._smtp_client.42.spf1-test.mailzone.com:v=spf1 pi
pi:_smtp_client.pobox.com default=softdeny:60
'policy._smtp_client.50.spf1-test.mailzone.com:v=spf1 include
default=softdeny:60
'policy._smtp_client.51.spf1-test.mailzone.com:v=spf1 include:pobox.com
default=softdeny:60
'policy._smtp_client.60.spf1-test.mailzone.com:v=spf1 scope
default=softdeny:60
'policy._smtp_client.61.spf1-test.mailzone.com:v=spf1 scope=
default=softdeny:60
'policy._smtp_client.62.spf1-test.mailzone.com:v=spf1 scope=envelope
default=softdeny:60
'policy._smtp_client.63.spf1-test.mailzone.com:v=spf1 scope=header-from
default=softdeny:60
'policy._smtp_client.64.spf1-test.mailzone.com:v=spf1 scope=errors-to
default=softdeny:60
'policy._smtp_client.65.spf1-test.mailzone.com:v=spf1
scope=envelope,header-from default=softdeny:60
'policy._smtp_client.66.spf1-test.mailzone.com:v=spf1 scope=,header-from
default=softdeny:60
'policy._smtp_client.70.spf1-test.mailzone.com:v=spf1
LocalPart\072rlp\072+-(_at_)_smtp_local(_dot_)example(_dot_)com
default=softdeny:60
You guys should be able to reach those from here.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡