On Sat, Nov 29, 2003 at 03:16:37PM +0000, Mark wrote:
|
| ... IN TXT "v=spf1 +mx -all report(_at_)ñÁAÍ°¶Ä3¾O̪éßø"
|
| Pardon my ignorance in these matters, as I am rather new to this, but in the
| new draft I, again, encountered this:
|
| 3.2.0.192.in-addr._spf.example.com
|
| I thought they had done away with spf in-addr-arpa records? I got the
| distinct impression that, from now on, everything would be done with the
| single TXT record. Am I mistaken?

The macro notation and the "exists" mechanism combine to make a number
of things possible.

Suppose you're happily running with "v=spf1 a mx -all".

You wake up one morning and decide you want to know who's trying to
forge your address. You change the record:

"v=spf1 a mx exists:ip.%{i}.u.%{u}._spf.example.com -all"

Because there's nothing defined in the _spf domain, the "exists"
mechanism is guaranteed to not match. But every time a bad guy forges
mail to an SPF receiver, your DNS logs will show it.

Suppose you find out that it's not a bad guy forging mail --- it's your
CEO. You can set up a specific record to let the CEO get SPF approval,
and keep denying everybody else.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.6.txt
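
The logging trick described in the message above, as an added example that is not part of the original post: it expands the two macros in the "exists" target, recovers the connecting IP and local-part from logged query names, and skips names that have been given a record (the CEO case). The log line format, IP addresses and zone contents are constructed, and reading %{u} as the sender's local-part is an assumption.

```python
import re
from collections import Counter

SUFFIX = "_spf.example.com"            # tracking subdomain from the record in the message
TERM = "ip.%{i}.u.%{u}." + SUFFIX      # the exists: target from the record in the message

def expand(term, ip, sender):
    """Expand the two macros the record uses. Assumption: %{i} is the
    connecting IPv4 address and %{u} is the sender's local-part."""
    values = {"i": ip, "u": sender.split("@", 1)[0]}
    return re.sub(r"%\{([iu])\}", lambda m: values[m.group(1)], term).lower()

QNAME = re.compile(r"^ip\.(\d{1,3}(?:\.\d{1,3}){3})\.u\.(.+)\."
                   + re.escape(SUFFIX) + r"\.?$")

def parse_qname(qname):
    """Recover (ip, local_part) from a logged query name, else None.
    The local-part is chosen by the sender: treat it as untrusted data."""
    m = QNAME.match(qname.lower())
    return (m.group(1), m.group(2)) if m else None

def exists_matches(qname, zone):
    """'exists' matches only when the expanded name has an A record."""
    return qname.lower().rstrip(".") in zone

def summarize(log_lines, zone):
    """Count (ip, local_part) pairs whose lookup found no record."""
    hits = Counter()
    for line in log_lines:
        for token in line.split():
            parsed = parse_qname(token)
            if parsed and not exists_matches(token, zone):
                hits[parsed] += 1
    return hits

# Constructed zone: one name published so the CEO's mail from 192.0.2.10 matches.
ZONE = {expand(TERM, "192.0.2.10", "ceo@example.com")}

# Constructed, simplified query-log lines. The "client" is the receiver's
# resolver; the host that sent the mail is the IP embedded in the query name.
LOG = [
    "15:20:01 client 198.51.100.5#1053: query: ip.203.0.113.7.u.sales._spf.example.com IN A",
    "15:20:09 client 198.51.100.8#4410: query: ip.203.0.113.7.u.sales._spf.example.com IN A",
    "15:21:30 client 198.51.100.5#1077: query: ip.192.0.2.10.u.ceo._spf.example.com IN A",
    "15:22:02 client 198.51.100.5#1090: query: ip.198.51.100.99.u.ceo._spf.example.com IN A",
    "15:22:40 client 198.51.100.5#1101: query: www.example.com IN A",
]

if __name__ == "__main__":
    for (ip, user), n in summarize(LOG, ZONE).most_common():
        print(f"{n:3d}  {user}@example.com claimed by {ip}")
```
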