spf-discuss

Re: The Case For XML in "Caller-ID for Email"

2004-01-24 12:24:11
In <20040124190611(_dot_)GB30087(_at_)altair(_dot_)ipal(_dot_)net> Phil Howard 
<phil-spf-discuss(_at_)ipal(_dot_)net> writes:

> Some DNSBLs I've seen used some address as a negative, e.g. always returned
> an address, but the value of which specified the semantics.  I don't recall
> which ones were involved.  I'm hoping someone recalls the values commonly
> used.

I know of no such DNSBL that uses anything other than NXDOMAIN as the
negative.  Such DNSBLs would not work well with existing MTAs that
have built in support for DNSBLs.

I can understand *why* DNSBLs are set up this way.  First, it is
easiest just to list known spam sources.  Second, you want to be able
to very quickly add new spam sources, but IP addresses that are no
longer spam sources can fade out via the TTL.

These reasons are not well suited for SPF.  In many/most cases, these
pseudo-DNSBLs are not going to change often and changes can be foreseen
well in advance.

Fortunately, there is a solution.  Use include: instead of exists:.
Instead of using NXDOMAIN and 127.0.0.2, use "-all" and "".


I am thinking about switching trusted-forwarder.org over to this
system for those people who use code new enough to reference
spf.trusted-forwarder.org instead of hard coded references.


-wayne

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt