[ First off, sorry about the double post - Mail.app (Mac OS X) hung
while sending it - when I restarted, Mail.app sent it again (just to be
sure? Who knows, it didn't ask me or inform me!) ]
Domains wishing to describe themselves as SPF-compliant MUST
publish the following record:
${DOMAIN} IN TXT "directive-set"
I don't think it is clear which DNS name the main domain TXT record is
supposed to be published under. Should it be:
1) foo.com IN TXT "v=spf1 ..."
2) or _smtp_client.foo.com IN TXT "v=spf1 ..."
3) or *._smtp_client.foo.com IN TXT "v=spf1 ..."
4) or magic_initial_thing._smpty_client.foo.com IN TXT "v=spf1 ..."
I'm assuming 2, but I don't think that is at all clear from the
document. The SPF client description doesn't make this clear. Section
2.3.1 indicates how the SPF client picks a domain to check, but doesn't
make it clear how this maps into the SPF client's first query. I
suspect the implication is to look up the TXT record for
"_smtp_client.${DOMAIN}", but that doesn't appear to be stated anywhere
in the document. Section 2.1 sort of implies it, but again, this
initial query isn't spelled out.
Note that subsequent SPF queries, due to "pi", or "localpart"
mechanisms are made very clear. Subsequent queries due to "include"
mechanism suffer from the same problem, as that is like doing an
initial query on the domain.
- Mark
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡