In order to test what is going on, I highly recommend adding an exists:
as the last mechanism before the ?all. Various people have suggested
different sets of parameters to pass -- check the archives for suggestions.
Something like exists:%{s}.%{i}.log._spf.ticketmaster.com
would be simple and effective. It would show the name being spoofed and
the ip address of the spoofer. You should probably verify that it isn't
one of your systems before claiming victory!
In order for this to be useful, your DNS server has to support some type
of logging.
Philip
Mike Batchelor wrote:
I have axfr-dns listening to the same address, so TCP queries are
supported. But Yikes, I don't want to go TCP for SPF.
To the persons suggesting using include: statements and/or ptr: or mx:,
would this be what you had in mind?
@ORIGIN ticketmaster.com.
reply IN TXT "v=spf1 ptr:crm.tmcs.net
include:reply._spf.ticketmaster.com -all"
@ORIGIN _spf.ticketmaster.com.
reply IN TXT "v=spf1 a:lax1bmx1.tmcs.net a:lax1bmx2.tmcs.net
a:chi1bmx1.tmcs.net a:chi1bmx2.tmcs.net -all"
I don't want to do "ptr:tmcs.net" because there are tmcs.net hosts that
should NEVER send emails from reply.ticketmaster.com.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki:
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡