spf-discuss

Re: new mechanisms RHS and PTRHS

2003-10-25 21:58:30
On Sat, Oct 25, 2003 at 09:56:37PM -0400, Meng Weng Wong wrote:
| 
| I am however adding two more mechanisms, RHS and PTRHS.
| 

I got yelled at once already by Gordon Fecyk for making SPF too
complex.  I hope this doesn't mark the beginning of featuritis.

RHS is for RHSBL blacklists.  PTRHS is for whitelisting.

I don't expect many domains to actually publish them, but they're
present for symmetry.  They were trivial to code.  Their real use is for
SPF clients to express almost all of the best-guess algorithm as a
directive-set in pure SPF:

  a mx ptr
  ptrhs:wl.trusted-forwarder.org
     pi:wl.trusted-forwarder.org 
    rhs:spamdomains.blackholes.easynet.nl

This way, wl.trusted-forwarder.org can operate as an RHSWL and DNSWL.



------------------------------------------------------------------------
3.9                                RHS
------------------------------------------------------------------------

   Valid syntax:
   - rhs:example.net

   Construct a domain label by prepending the <current-domain> to the
   provided argument.

   Perform an A lookup on the resulting label.  A response constitutes a
   match.

3.3.1 Example

   "v=spf1 rhs:blacklist.example.net default=allow"

   Let the <current-domain> be example.com.

   A(example.com.blacklist.example.net) returns 127.0.0.2.

   This constitutes a match.
   
   Note that the implicit mechanism prefix is "!" because the default is
   "allow".


------------------------------------------------------------------------
3.10                                PTRHS
------------------------------------------------------------------------

   Valid syntax:
   - ptrhs:example.net

   Construct a domain label by prepending the validated PTR domain name
   of the client IP to the provided argument.  The validation procedure
   is described in section 3.3.

   Perform an A lookup on the resulting label.  A response constitutes a
   match.

   If no validated hostname is found, this mechanism does not return a
   match.

3.3.1 Example

   "v=spf1 ptrhs:whitelist.example.net default=deny"

   Let the client IP be 192.0.2.1.
   Let 192.0.2.1 have a PTR record for mx01.example.com.
   Let mx01.example.com have an A record for 192.0.2.1.
   The name mx01.example.com is therefore valid.

   A(mx01.example.com.whitelist.example.net) returns 127.0.0.2.

   This constitutes a match.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.txt
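Added example, not part of the original message or of any SPF implementation: a minimal Python evaluation of the RHS and PTRHS lookups described in sections 3.9 and 3.10, showing why PTRHS only trusts a PTR name that resolves back to the client IP. The resolver stub, function names, and every record other than those in the two draft examples are constructed for illustration; the validation step assumes the forward-confirmation shown in the PTRHS example, since section 3.3 is not reproduced here.

```python
# Constructed records standing in for live DNS (assumption: offline demo data).
A_RECORDS = {
    "example.com.blacklist.example.net": ["127.0.0.2"],
    "mx01.example.com": ["192.0.2.1"],
    "mx01.example.com.whitelist.example.net": ["127.0.0.2"],
    # Whitelisted name whose A record does NOT point at the connecting client.
    "relay.example.org": ["198.51.100.7"],
    "relay.example.org.whitelist.example.net": ["127.0.0.2"],
}
PTR_RECORDS = {
    "192.0.2.1": ["mx01.example.com"],
    # The reverse zone is run by whoever holds the IP, so this claim is untrusted.
    "203.0.113.9": ["relay.example.org"],
}


def lookup_a(name):
    """Hypothetical resolver stub: return the A records for name, or []."""
    return A_RECORDS.get(name.rstrip(".").lower(), [])


def validated_ptr_names(client_ip):
    """Keep only PTR names whose A records include client_ip.

    Assumption: this mirrors the validation shown in the PTRHS example;
    the full procedure (section 3.3) is not reproduced in the message.
    """
    return [n for n in PTR_RECORDS.get(client_ip, []) if client_ip in lookup_a(n)]


def rhs_match(current_domain, zone):
    """RHS: prepend <current-domain> to the argument; any A response matches."""
    return bool(lookup_a(f"{current_domain}.{zone}"))


def ptrhs_match(client_ip, zone):
    """PTRHS: same lookup keyed on validated PTR names; none means no match."""
    return any(lookup_a(f"{n}.{zone}") for n in validated_ptr_names(client_ip))


if __name__ == "__main__":
    print(rhs_match("example.com", "blacklist.example.net"))    # draft RHS example
    print(ptrhs_match("192.0.2.1", "whitelist.example.net"))    # draft PTRHS example
    print(ptrhs_match("203.0.113.9", "whitelist.example.net"))  # unvalidated PTR
```

The third call returns no match even though relay.example.org is on the constructed whitelist, because the PTR claim for 203.0.113.9 is never confirmed by a forward A lookup.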