Mark Lentczner wrote:
On Feb 8, 2004, at 3:13 PM, Karl Kraft wrote:
Also I've noticed many of the domains that implement SPF only do so
for their top domain.
...
It does little good if everyone just enters the single SPF record for
the domain alone as sidestepping becomes a simple matter.
This is only an issue for a domain if it accepts mail addressed to
arbitrary subdomains. Many (most?) domains won't accept such mail. For
example, at glyphic.com, we don't accept mail for www.glyphic.com, or
ziggy.glyphic.com or such.
I'm not clear on why this isn't an issue. Let's say I get mail that
claims to be from ziggy.glyphic.com. If I do a lookup on that machine,
but don't step up to the parent domain, I don't have an SPF record to
judge the validity of the message by. Maybe I'm just unclear on the
concept, or missing something really obvious here.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.7.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡