On Sat, Oct 18, 2003 at 09:22:26AM -0700, Mark Lentczner wrote:
| > Domains wishing to describe themselves as SPF-compliant MUST
| > publish the following record:
| >
| > ${DOMAIN} IN TXT "directive-set"
|
| I don't think it is clear which DNS name the main domain TXT record is
| supposed to be published under. Should it be:

Here's the new text.

2. Designating SMTP Clients

Participating domains publish SPF records to indicate that only
certain hosts are permitted to claim they are sending mail from that
domain.

When this document says a domain has "designated" a host, that
domain name has permitted that host to use the domain's name when
sending mail. The scope of that permission may vary according to
the domain's stated policies, which could specify one or more of the
envelope sender address, the HELO/EHLO command, the header From:
address, or the header Errors-To: address.

Individual users can specify different policies.

2.1 The policy record

Domains wishing to describe themselves as SPF-compliant MUST
publish the following record:

    ${DOMAIN} IN TXT "directive-set"

"directive-set" obeys the following ABNF syntax:

    directive-set    = 'v=spf1' *Mechanism [ SP 'scope=' Scopes ]
                       Default [ Explanation ]

    Default          = SP 'default=' ( 'unknown' / 'allow'
                                     / 'deny' / 'softdeny' )

    Scopes           = Scope [ ',' Scopes ]
    Scope            = [ 'envelope' / 'header-from' / 'errors-to' ]

    Explanation      = 'exp=' *( VCHAR / SP )
                       ; the explanation string is subject to macro
                       ; interpolation.

    Mechanism        = SP [ mechanism-prefix ]
                       ( MX / A / PTR / PI / IP4 / IP6 / Include
                       / LocalPart / Extension )

    MX               = 'mx' [ ':' domain ]
    A                = 'a' [ ':' domain ]
    PTR              = 'ptr' [ ':' domain ]
    PI               = 'pi' [ ':' dot-domain ]
    Include          = 'include' ':' domain
    LocalPart        = 'localpart' ':' [ localpart-mechanism ]

    mechanism-prefix = ( "+" / "-" / "!" / "?" )
                       ; this corresponds to the shorthands
                       ; defined in section 2.3.2.

    Extension        = *VCHAR ; non-whitespace string that is
                       ; clearly distinct from other directives.

    domain           = standard DNS domain name, eg. as defined in RFC1034
    dot-domain       = ( '.' ) <domain>

    IP4              = 'ip4' ':' ip4-cidr
    IP6              = 'ip6' ':' ip6-cidr
    ip4-cidr         = < ipv4-address-prefix > ; eg. "127.0.0.1/8"
    ip6-cidr         = < ipv6-address-prefix >
                       ; as in RFC2373, eg. 12AB:0:0:CD30::/60

localpart-mechanism is defined in section 3.5.

This document refers to records of this kind as primary records.

Note that the use of the TXT query-type for SPF may be obsoleted in
the future by a new DNS Resource Record Type. If that time comes,
domain administrators MUST be prepared to upgrade.

2.1.1 Examples

    example.com IN TXT "v=spf1 default=deny"

If the <current-domain> is example.com, SPF clients perform a TXT
query on example.com. The following TXT results are valid syntax:

    "v=spf1 default=deny"
    "v=spf1 mx default=deny"
    "v=spf1 a mx ptr pi default=deny exp=This is a test of SPF"
    "v=spf1 a:example.com mx:example.org ptr:example.net
       pi:.example.com scope=envelope,header-from
       default=deny exp=This is a test of SPF"

2.2 The _smtp_client subdomain.

Domains may create TXT and A records in a special subdomain called
"_smtp_client".

This subdomain is hereby reserved for domains to publish SMTP
policies which they request mail receivers to respect.

Domains participating in SPF MAY be REQUIRED to respond to A or TXT
queries under the _smtp_client subdomain, depending on how they have
configured their primary SPF response.

2.3 Modifiers

Modifiers use an = sign as the separator. Modifiers MUST NOT appear
multiple times: for example, "default=deny default=softdeny" is an
invalid construct.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
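
The directive-set grammar of section 2.1 and the no-repeat rule of section 2.3, written as a validator for a single TXT string. This is an added example, not code from the original message or from the SPF project; `parse_directive_set` and `SPFSyntaxError` are hypothetical names, and the checks follow the grammar as drafted in this message. Arguments to `localpart` (section 3.5, not quoted here) are not validated.

```python
import ipaddress

MECHANISMS = {"mx", "a", "ptr", "pi", "ip4", "ip6", "include", "localpart"}  # draft ABNF names
DEFAULTS = {"unknown", "allow", "deny", "softdeny"}
SCOPES = {"envelope", "header-from", "errors-to"}

class SPFSyntaxError(ValueError):
    """TXT string does not match the draft directive-set grammar."""

def _mechanism(term):
    prefix = term[0] if term[:1] in ("+", "-", "!", "?") else ""
    name, colon, arg = term[len(prefix):].partition(":")
    if name not in MECHANISMS:
        return (prefix, "extension", term[len(prefix):])  # catch-all Extension rule
    if not arg and name != "localpart" and (colon or name in ("include", "ip4", "ip6")):
        raise SPFSyntaxError(f"{name}: missing argument")
    if name == "pi" and arg and not arg.startswith("."):
        raise SPFSyntaxError("pi takes a dot-domain such as .example.com")
    if name in ("ip4", "ip6"):
        net_type = ipaddress.IPv4Network if name == "ip4" else ipaddress.IPv6Network
        try:  # strict=False: the draft's own example, 127.0.0.1/8, has host bits set
            net_type(arg, strict=False)
        except ValueError as exc:
            raise SPFSyntaxError(f"{name}: bad prefix {arg!r}") from exc
    return (prefix, name, arg or None)

def parse_directive_set(txt):
    head, has_exp, exp = txt.partition(" exp=")  # exp= text may contain spaces
    terms = head.split()
    if terms[:1] != ["v=spf1"]:
        raise SPFSyntaxError("record must begin with v=spf1")
    rec = {"mechanisms": [], "scope": None, "default": None, "exp": exp if has_exp else None}
    for term in terms[1:]:
        key, eq, value = term.partition("=")
        if eq and key in ("scope", "default"):
            if rec[key] is not None:  # section 2.3: no repeated modifiers
                raise SPFSyntaxError(f"{key}= appears more than once")
            if rec["default"] is not None:
                raise SPFSyntaxError("scope= must come before default=")
            values = value.split(",") if key == "scope" else [value]
            if not set(values) <= (SCOPES if key == "scope" else DEFAULTS):
                raise SPFSyntaxError(f"bad {key}= value {value!r}")
            rec[key] = values if key == "scope" else value
        elif rec["scope"] is not None or rec["default"] is not None:
            raise SPFSyntaxError("mechanisms must come before modifiers")
        else:
            rec["mechanisms"].append(_mechanism(term))
    if rec["default"] is None:
        raise SPFSyntaxError("default= is required by the grammar")
    return rec
```

The record wrapped across three lines in section 2.1.1 is passed as one string with single spaces between terms.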