spf-discuss

Extending SPF to IN-ADDR.ARPA space

2004-03-23 18:55:38
[I did a brief survey of the archives and couldn't find any related ]
[discussions.  Pardon me if this has been discussed before.         ]

SPF in its current form implements a method for domain name administrators
to express policy through TXT records in the domain name space.  SPF
could reasonably be extended to express policy for IP space administrators
through TXT records in the IN-ADDR.ARPA name space, e.g.:

   1.168.192.in-addr.arpa.    IN   TXT "v=spf1 -all"

would mean that *no* hosts in 192.168.1.0/24 are authorized to initiate SMTP
sessions.  Of course, not all SPF modifiers would be applicable to TXT
records in IN-ADDR.ARPA and some additional modifiers may be necessary
to provide complete policy expression, but I believe that this would be an
excellent method for NSPs and ISPs to publish IP space policy.

To the above zone, one could add:

   1.1.168.192.in-addr.arpa.  IN   TXT "v=spf1 +all"

to allow SMTP from 192.168.1.1 or possibly:

   1.168.192.in-addr.arpa.    IN   TXT "v=spf1 ip4:192.168.1.1 -all"

or

   1.168.192.in-addr.arpa.    IN   TXT "v=spf1 a:smtp.example.com -all"

where smtp.example.com resolves to 192.168.1.1.

BTW, AFAIK, there are no prohibitions against TXT records in IN-ADDR.ARPA.
This is an idea that popped into my head in a reply to the SPAM-L list.
If I'm all wet, pardon the intrusion.

-- 
Bob Poortinga  K9SQL
Technology Service Corp.
Bloomington, Indiana  US
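
The lookup a receiving MTA would perform under this proposal, as an added example that is not part of the original post: it derives the IN-ADDR.ARPA names for a connecting IPv4 address and evaluates the first policy found against constructed zone data. The most-specific-first lookup order, the function names and the `ZONE` dictionary are assumptions; the post does not define a lookup algorithm.

```python
import ipaddress

# Constructed zone data mirroring the records in the post (no DNS queries are made).
ZONE = {
    "1.168.192.in-addr.arpa.": "v=spf1 -all",
    "1.1.168.192.in-addr.arpa.": "v=spf1 +all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def candidate_names(ip):
    """Reverse names to query: host record first, then the enclosing /24, /16, /8.
    This ordering is an assumption; the post does not specify one."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return [".".join(reversed(octets[:n])) + ".in-addr.arpa." for n in (4, 3, 2, 1)]

def evaluate(record, ip):
    """Evaluate the ip4 and all mechanisms of one record against the client IP.
    Mechanisms that need further DNS lookups (a, mx, ...) raise ValueError
    rather than being skipped, so a policy is never silently misjudged."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None  # not an SPF record
    addr = ipaddress.IPv4Address(ip)
    for term in terms[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qual]
        if mech.startswith("ip4:"):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qual]
            continue
        raise ValueError("mechanism not handled in this sketch: " + term)
    return "neutral"  # no mechanism matched

def check_client(ip, zone=ZONE):
    """Return (name, result) for the most specific reverse-zone policy, if any."""
    for name in candidate_names(ip):
        record = zone.get(name)
        if record is not None:
            result = evaluate(record, ip)
            if result is not None:
                return name, result
    return None, "none"

if __name__ == "__main__":
    for client in ("192.168.1.1", "192.168.1.77", "10.0.0.1"):
        print(client, check_client(client))
```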