From: Kelson Vibber
Sent: Wednesday, March 31, 2004 11:47 AM
At 05:53 PM 3/30/2004, James H. Cloos Jr. wrote:
(I don't want to use ptr because I've seen endless spam -- mostly coming
from Korean ipv4s -- where the ptr was falsely set to match the
domain the
mail claimed to be from....)
In theory, an SPF client should verify this with a forward
lookup. If you
have ptr in the SPF record for example.com, and someone tries to
send mail
to you from an IP address that claims to be host.example.com, the client
should then look up host.example.com to see if it matches.
I'm not up-to-date on the SPF RFC, but is this forward lookup part of the
spec? If not, it probably should be. Many mail clients do this as part of
their local IP heuristics anyway, so it wouldn't be adding overhead to any
well-configured site.
--
Seth Goodman