We recently published SPF records for several domains we host. A scheme of
this sort that's actually at the "Let's encourage people to try it out"
stage was very attractive, since spammers have started forging our primary
domain name. A lot.
Chances are good some of our users are sending through other ISPs, so we're
not ready to add "-all" to the record just yet. Yesterday I implemented
the method suggested by the FAQ to find remote users. Our
record currently ends with "exists:%{u}.%{i}._spf.speed.net ?all".
In the day since we turned this on, we've had 6 hits, but only two have
actually included the username. The rest only show up as queries for
ipaddress._spf.speed.net. We can't tell whether those other messages were
from valid remote users or from spammers.
My guesses:
- Some SPF implementations don't expand %{u}
- Some SPF implementations will only expand one macro per query
- Some SPF implementations will do multi-step exists: lookups (i.e. make
sure %{i}._spf.speed.net exists before trying %{u}.%{i}._spf.speed.net)
- Mail with just @speed.net as the envelope sender is getting handed to SPF
instead of being rejected for having a malformed address.
- I have configured something wrong.
So I've got a couple of questions:
1. Is right before "?all" the right place to put exists: for these purposes?
2. Should I create a wildcard under _spf.speed.net and change it to "?exists:"?
3. Should I just assume some clients will only make partial lookups and not
worry about it?
Thanks in advance!
Kelson Vibber
SpeedGate Communications <www.speed.net>
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
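
Added example, not part of the original post: one way to sort the logged query names for the exists: tracking zone into hits that carry a username and hits that carry only the IP address. The query names are constructed samples, and the parser assumes %{i} arrives as a dotted IPv4 address, as the "ipaddress._spf.speed.net" hits in the post suggest.

```python
from collections import Counter

SUFFIX = "_spf.speed.net"  # tracking zone from the record quoted in the post

def classify(qname, suffix=SUFFIX):
    """Return (kind, local_part, ip); kind is "user+ip", "ip-only" or "other".

    Assumption: %{i} expands to a dotted IPv4 address directly left of the suffix.
    """
    name = qname.rstrip(".").lower()
    tail = "." + suffix
    if not name.endswith(tail):
        return ("other", None, None)
    labels = name[: -len(tail)].split(".")
    octets = labels[-4:]
    # The four labels next to the suffix must form a valid IPv4 address.
    if len(octets) != 4 or not all(
        o.isascii() and o.isdigit() and len(o) <= 3 and int(o) <= 255
        for o in octets
    ):
        return ("other", None, None)
    ip = ".".join(octets)
    # Whatever is left of the address is the expanded %{u}; it may contain
    # dots itself, and it is empty when the macro was dropped or blank.
    local = ".".join(labels[:-4])
    if local:
        return ("user+ip", local, ip)
    return ("ip-only", None, ip)

def summarize(qnames):
    """Count hits per kind and collect the distinct (user, ip) pairs seen."""
    counts, pairs = Counter(), set()
    for q in qnames:
        kind, local, ip = classify(q)
        counts[kind] += 1
        if kind == "user+ip":
            pairs.add((local, ip))
    return counts, sorted(pairs)

# Constructed sample query names (documentation addresses, made-up users).
SAMPLE = [
    "alice.192.0.2.10._spf.speed.net.", "198.51.100.7._spf.speed.net.",
    "bob.smith.203.0.113.5._spf.speed.net", ".198.51.100.7._spf.speed.net",
    "_spf.speed.net", "www.speed.net",
]
```

Grouping the "ip-only" hits by address and comparing them with the "user+ip" pairs shows whether the same sending host appears in both forms.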