Philip Gladstone [philip-spf(_at_)gladstonefamily(_dot_)net] wrote:
[...] To fix this, I produced a patch for Mail::SPF::Query. Meng
argues that this should not be part of Mail::SPF::Query, and that is a
valid viewpoint (albeit one that I disagree with ;-) )
The alternative to putting the logic into Mail::SPF::Query is to put it
into Mail::SPFMX::Query which then wraps Mail::SPF::Query. This seems
like a worse solution.
No, there's a third option, which I consider the best one:
The "secondary MX trust check" doesn't have anything to do with SPF or other
filters/checks. Perform this secondary MX trust check separately, and before
doing *any* other checks. If it's one of your secondary MXes, don't try to be
clever, don't perform other checks.
If it's one of your secondary MXes that's calling, you should be able to trust
it. IMO you should always have all your secondary MXes be as strict as your
primary MX. Anything that passes a secondary MXes' checks should also pass the
primary MX'es checks. IMO Asymmetry between MXes' policies is a very bad thing.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)���v¼����ߴ���1I��-�F�qx(_dot_)com