spf-discuss

Re: Just how many of the boxen really *need* to be in the spf rr

2004-04-01 10:18:04

----- Original Message ----- 
From: "Kelson Vibber" <kelson(_at_)speed(_dot_)net>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Wednesday, March 31, 2004 12:46 PM
Subject: Re: [spf-discuss] Just how many of the boxen really *need* to be in
the spf rr


At 05:53 PM 3/30/2004, James H. Cloos Jr. wrote:
(I don't want to use ptr because I've seen endless spam -- mostly coming
from Korean ipv4s -- where the ptr was falsely set to match the domain the
mail claimed to be from....)

In theory, an SPF client should verify this with a forward lookup.  If you
have ptr in the SPF record for example.com, and someone tries to send mail
to you from an IP address that claims to be host.example.com, the client
should then look up host.example.com to see if it matches.

Kelson Vibber
SpeedGate Communications <www.speed.net>

PTR does not have to match the primary A record. For example, I may refer to
my domain as www.merl.com, ftp.merl.com, and "virtualhost.merl.com" with
duplicate A records. My PTR can point to only one of those. How do you
resolve this?

And when someone makes a mistake in matching PTR to A records, you have to
deal with that robustly.

Also, I believe that misusing PTR records to point to someone else's domain
host is something that the DNS top-level registrars will frown on and act on
quickly, unlike their classically reluctant response to spammers' faked
registration information.
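
The forward-confirmation check discussed in this thread, as an added example that is not part of the original messages: a PTR name counts only if its own forward lookup returns the connecting IP, and the check starts from the PTR name rather than from every A name. The zone data is constructed, and the function names and the cap of 10 names are assumptions of this sketch.

```python
import ipaddress

# Constructed zone data (not real DNS answers): reverse and forward maps.
PTR = {
    "192.0.2.10": ["host.example.com"],     # PTR and A agree
    "198.51.100.7": ["mail.example.com"],   # PTR falsely set by the IP's owner
    "192.0.2.20": ["www.example.com"],      # one PTR, several A names below
    "203.0.113.5": ["typo.example.com"],    # PTR with no matching A (mistake)
}
A = {
    "host.example.com": ["192.0.2.10"],
    "mail.example.com": ["192.0.2.25"],     # the real host is a different IP
    "www.example.com": ["192.0.2.20"],
    "ftp.example.com": ["192.0.2.20"],
    "virtualhost.example.com": ["192.0.2.20"],
}

def validated_names(ip, ptr=PTR, a=A, limit=10):
    """Return the PTR names for ip whose forward lookup includes ip.

    limit is an assumed bound on names checked, to cap DNS work per message.
    """
    ip = str(ipaddress.ip_address(ip))      # normalise; rejects malformed input
    confirmed = []
    for name in ptr.get(ip, [])[:limit]:
        name = name.rstrip(".").lower()
        # A missing or mismatched A record is a non-match, never an error.
        if ip in a.get(name, []):
            confirmed.append(name)
    return confirmed

def ptr_mechanism_matches(ip, domain, **kw):
    """True if a forward-confirmed PTR name is domain or a subdomain of it."""
    domain = domain.rstrip(".").lower()
    return any(n == domain or n.endswith("." + domain)
               for n in validated_names(ip, **kw))

if __name__ == "__main__":
    for ip in PTR:
        print(ip, validated_names(ip), ptr_mechanism_matches(ip, "example.com"))
```
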