On Sun, 14 Dec 2003, Brian Hatch wrote:
> If I say 'allow PTR', then it does check both the PTR and the
> A to make sure there's a valid match, correct?

Yes, from the latest draft:

    First <sending-host>'s name is looked up using this procedure:
    perform a PTR lookup against the <sending-host>'s IP. For each
    record returned, validate the host name by looking up its IP address.
    If the <sending-host>'s IP is among the returned IP addresses, then
    that host name is validated.

    Check all validated hostnames to see if they end in the <target-name>
    domain. If any do, this mechanism matches. If no validated hostname
    can be found, or if none of the validated hostnames end in the
    <target-name>, this mechanism fails to match.

So yes, it does a standard "double lookup" (in Apache terminology) to
verify that the PTR matches an A record. (I had this same question last
week and looked it up in the spec :))
Tim Wilde
--
Tim Wilde
twilde(_at_)dyndns(_dot_)org
Systems Administrator
Dynamic DNS Network Services
http://www.dyndns.org/
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.3.txt
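
The "double lookup" quoted from the draft in the message above, as an added example that is not part of the original post or of any SPF implementation. The DNS data is constructed and served from in-memory tables so it runs offline; the function names are hypothetical, and matching on a label boundary is this example's reading of "end in the <target-name> domain".

```python
import ipaddress

# Constructed sample DNS data (documentation address ranges only).
PTR = {
    "192.0.2.10": ["mail.example.com."],
    "192.0.2.66": ["mail.example.com."],      # PTR claims a name that does not map back
    "198.51.100.7": ["mx.notexample.com."],   # validates, but in a different domain
    "203.0.113.5": ["bogus.example.net.", "out.Example.COM."],
}
A = {
    "mail.example.com": ["192.0.2.10"],
    "mx.notexample.com": ["198.51.100.7"],
    "out.example.com": ["203.0.113.5", "203.0.113.6"],
}

def norm(name):
    """Lower-case a host name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def validated_names(ip, ptr_lookup, a_lookup):
    """PTR lookup on ip, keeping only names whose forward lookup returns ip."""
    ip = ipaddress.ip_address(ip)
    names = []
    for name in ptr_lookup(str(ip)):
        forward = {ipaddress.ip_address(a) for a in a_lookup(norm(name))}
        if ip in forward:
            names.append(norm(name))
    return names

def ptr_matches(ip, target, ptr_lookup, a_lookup):
    """True if any validated name is target or a subdomain of it.
    Assumption: compare on a label boundary, so notexample.com != example.com."""
    target = norm(target)
    return any(n == target or n.endswith("." + target)
               for n in validated_names(ip, ptr_lookup, a_lookup))

def sample_ptr(ip):
    return PTR.get(ip, [])

def sample_a(name):
    return A.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, validated_names(ip, sample_ptr, sample_a),
              ptr_matches(ip, "example.com", sample_ptr, sample_a))
```

The 192.0.2.66 case is the one the forward check exists for: whoever controls the reverse zone for an address can publish any name in its PTR record, so the name only counts once its own A record points back at that address.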