spf-discuss

Re: Just how many of the boxen really *need* to be in the spf rr

2004-04-01 10:35:34
At 09:18 AM 4/1/2004, Nico Kadel-Garcia wrote:
PTR does not have to match the primary A record. For example, I may refer to my domain as www.merl.com, ftp.merl.com, and "virtualhost.merl.com" with duplicate A records. My PTR can point to only one of those. How do you resolve this?

Suppose that:
A) all three of those hostnames have A records pointing to 10.1.2.3.
B) 10.1.2.3 has a PTR record pointing to www.merl.com.
C) The SPF record for merl.com includes "ptr".

Now a piece of mail comes in from 10.1.2.3, claiming to be from someone@merl.com.
1) Look up SPF record for merl.com, find "ptr".
2) Look up PTR for 10.1.2.3, find www.merl.com.
3) Look up A for www.merl.com, find 10.1.2.3.
4) PTR and A records match, so trust the PTR result.
5) PTR result matches merl.com, so SPF passes.

The other two A records have no effect on the process. As long as the name returned by the PTR has a corresponding A pointing to the original IP address, the PTR result is trusted.

Kelson Vibber
SpeedGate Communications <www.speed.net>
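
The check walked through in this message, as an added example that is not part of the original post: a PTR name is trusted only if its own A record points back to the connecting IP, and it then has to equal or sit under the sender's domain. The lookup tables are constructed stand-ins for DNS; every entry other than the 10.1.2.3 / merl.com records from the message is an assumption made for illustration, and the function names are hypothetical.

```python
# Constructed DNS data (no real lookups). The merl.com / 10.1.2.3 entries
# mirror the message; the remaining entries are made-up edge cases.
A_RECORDS = {
    "www.merl.com": ["10.1.2.3"],
    "ftp.merl.com": ["10.1.2.3"],
    "virtualhost.merl.com": ["10.1.2.3"],
    "mail.merl.com": ["192.0.2.10"],              # does not point back to 10.9.9.9
    "www.merl.com.example.net": ["10.7.7.7"],     # confirmed, but wrong domain
    "notmerl.com": ["10.8.8.8"],                  # confirmed, shares a suffix only
}
PTR_RECORDS = {
    "10.1.2.3": ["www.merl.com"],
    "10.9.9.9": ["mail.merl.com"],                # reverse zone claims a merl.com name
    "10.7.7.7": ["www.merl.com.example.net"],
    "10.8.8.8": ["notmerl.com"],
}

def validated_names(ip, ptr=PTR_RECORDS, a=A_RECORDS):
    """Steps 2-4: keep only PTR names whose A records include the original IP."""
    confirmed = []
    for name in ptr.get(ip, []):
        name = name.rstrip(".").lower()
        if ip in a.get(name, []):
            confirmed.append(name)
    return confirmed

def in_domain(name, domain):
    """Step 5: exact match or a subdomain, compared on a label boundary."""
    domain = domain.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)

def ptr_mechanism_matches(ip, domain):
    """True when some forward-confirmed PTR name falls under the sender's domain."""
    return any(in_domain(name, domain) for name in validated_names(ip))

if __name__ == "__main__":
    for ip in ("10.1.2.3", "10.9.9.9", "10.7.7.7", "10.8.8.8"):
        print(ip, validated_names(ip), ptr_mechanism_matches(ip, "merl.com"))
```

The 10.9.9.9 case is why step 4 matters: whoever controls a reverse zone can publish any PTR name, so the name counts only after the forward lookup confirms it.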