spf-discuss

Re: specification 02.9.7 released

2004-02-08 16:13:35
On Feb 8, 2004, at 4:32 PM, Alex van den Bogaerdt wrote:

> Hmm..  maybe
>    $origin britneyspears.com.
>    @ IN A   216.166.80.117
>         TXT "v=spf1 a/24 -all"
>    * IN A   216.166.80.117
>         TXT "v=spf1 -all"
>
> which will allow mail from "britneyspears.com" but not from subdomains?


Thank you.  So obvious that I totally missed it.

I was misled by the fact that nowhere on the SPF wizard and web site does it mention that people must protect their subdomains as well as the domain itself. Also I've noticed many of the domains that implement SPF only do so for their top domain. For instance

dig mail.com txt

mail.com. 7h51m1s IN TXT "v=spf1 ip4:205.158.62.0/24 ip4:203.86.166.0/24 ip4:210.177.227.128/28 ip4:203.86.162.160/28 ip4:210.184.92.208/29 ~all"

whereas

dig www.mail.com txt

returns no records.

It does little good if everyone just enters the single SPF record for the domain alone as sidestepping becomes a simple matter. This seems like a rather large hole that should be plugged by either changing the spec to allow walking up the list of parent domains, or by updating the documentation to indicate that domain owners should publish 2 TXT records at a minimum if their circumstances warrant.



--
K2 // Karl Kraft  // karl(_at_)nfox(_dot_)com
To purchase it is not like spending money, but rather it is an investment in the future, in a blow against the empire


-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.7.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
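
Added example, not part of the original message or of any SPF project code: an offline audit of which names in a zone answer with an SPF record when the wildcard layout quoted above is used. It goes one step beyond the thread by including a host with its own A record, which a wildcard TXT does not cover (RFC 4592); the zone contents (example.com, 192.0.2.10, the www host) and all function names are constructed for illustration.

```python
# Added example. ZONE is constructed: it mirrors the quoted zone file, with
# example.com and a documentation address as placeholders, plus an explicit "www".
ZONE = {
    "example.com": {"A": ["192.0.2.10"], "TXT": ["v=spf1 a/24 -all"]},
    "*.example.com": {"A": ["192.0.2.10"], "TXT": ["v=spf1 -all"]},
    "www.example.com": {"A": ["192.0.2.10"]},  # has an A record, no TXT
}


def lookup(zone, name, rtype):
    """Answer one query the way an authoritative server for this zone would."""
    name = name.rstrip(".").lower()
    if name in zone:
        # The name exists, so no wildcard is used, even if this type is absent.
        return zone[name].get(rtype, [])
    labels = name.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        exists = parent in zone or any(o.endswith("." + parent) for o in zone)
        if exists:
            # Closest existing ancestor: only its "*" child can supply the answer.
            return zone.get("*." + parent, {}).get(rtype, [])
    return []


def spf_record(zone, domain):
    """Return the SPF record published at exactly this name, or None.

    The parent domain is never consulted, as the message above points out.
    """
    for txt in lookup(zone, domain, "TXT"):
        if txt == "v=spf1" or txt.startswith("v=spf1 "):
            return txt
    return None


def audit(zone, names):
    """Map each name to its SPF record; None marks a name with no policy."""
    return {n: spf_record(zone, n) for n in names}


if __name__ == "__main__":
    names = ["example.com", "www.example.com", "mail.example.com", "a.b.example.com"]
    for name, record in audit(ZONE, names).items():
        print(f"{name:20} {record or 'NO SPF RECORD'}")
```

Every name that carries records of its own needs its own TXT record; the wildcard only answers for names that do not otherwise exist in the zone.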