In <20040224214715(_dot_)GR27676(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
On Tue, Feb 24, 2004 at 03:44:30PM -0600, wayne wrote:
|
| Without checking the envelope-from, you can't safely bounce email. As
| far as I'm concerned, this is A Very Bad Thing. Once you have a known
| good evelope-from, you can do lots of other stuff later on and bounce
| if you reject the email.
|
| Caller-ID and DomainKeys both need something like SPF or SRS+callbacks
| to make them safe to use.
|
Could someone please translate this into an SPF record?
Well, I come up with the following:
v=spf1 ip4:64.4.0.0/18 ip4:64.41.193.0/24 ip4:65.52.0.0/14
ip4:65.54.128.0/17 ip4:65.59.232.0/23 ip4:65.59.234.0/24
ip4:131.107.0.0/16 ip4:157.54.0.0/15 ip4:157.56.0.0/14
ip4:157.60.0.0/16 ip4:167.220.0.0/16 ip4:199.2.137.0/24
ip4:199.103.90.0/23 ip4:204.79.135.0/24 ip4:204.79.188.0/24
ip4:204.79.252.0/24 ip4:204.182.144.0/24 ip4:204.255.244.0/23
ip4:204.95.96.0/20 ip4:206.138.168.0/21 ip4:207.46.0.0/16
ip4:207.68.128.0/18 ip4:207.68.192.0/20 ip4:207.82.250.0/23
ip4:207.82.252.0/23 ip4:209.240.192.0/19 ip4:209.1.112.0/23
ip4:209.185.128.0/23 ip4:209.185.130.0/23 ip4:209.185.240.0/22
ip4:209.1.15.0/24 ip4:216.32.180.0/22 ip4:216.32.240.0/22
ip4:216.33.148.0/22 ip4:216.33.151.0/24 ip4:216.33.236.0/22
ip4:216.33.240.0/22 ip4:216.200.206.0/24 ip4:216.34.51.0/24 ~all
This is 772 characters long, so it would need to be broken up using
include:'s, much like the original C-ID records use <indirect>'s.
When byte-compiled using libspf-alt, this can be encoded using only
240 bytes, which should easily fit in a single DNS packet.
-wayne