Spf Pobox wrote:
> I've checked carefully, and looks like no one else has posted this
> here
>
> Another anti-spoof RFC proposal
> http://serverauthority.net/draft-lorenzen-marid-mxout-00.txt
>
> BTW I'm not that keen on it at first sight, but need more time to
> fully consider before being more detailed.

It appears to me that this proposal requires a PTR record pointing to
something.mxout.example.com for each mail server authorised to send mail for
example.com. Suppose though that a mail server is an authorised server for
many domains, such as an ISP smarthost that is authorised to send for all of
the ISP's customers' domains. That would require multiple (possibly thousands)
of PTR records for that mail server, e.g.

    PTR mx1.mxout.customer1.com.
    PTR mx1.mxout.customer2.com.
    PTR mx1.mxout.customer3.com.
    PTR mx1.mxout.customer4.com.
    PTR mx1.mxout.customer5.com.
    ...
    PTR mx1.mxout.customern.com.

Whilst this may be "legal", it certainly isn't desirable. This also requires
anyone checking for .mxout. conformance to grab *all* PTR records for an IP
and potentially have to check every single one of them until it finds a match,
which would be a lot of work and would require a lot of (TCP) bandwidth. Much
existing PTR-checking code will return only the first PTR record found, and
would probably need fixing.

Perhaps I've missed something?

Paul.
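
The two concerns raised in the message above (first-PTR-only checkers and answer size), as an added example that is not part of the original post or of the draft. The matching rule follows the post's description of the .mxout. convention; the function names, the sample PTR set and the size estimate (owner names compressed, RDATA not, no EDNS0) are assumptions.

```python
# Added illustration; the matching rule follows the description in the post,
# not the text of the draft itself. All names here are hypothetical.

def matches_mxout(ptr_name, sender_domain):
    """True if ptr_name looks like <label>.mxout.<sender_domain>."""
    name = ptr_name.rstrip(".").lower()
    suffix = ".mxout." + sender_domain.rstrip(".").lower()
    return name.endswith(suffix) and len(name) > len(suffix)

def check_first_only(ptr_names, sender_domain):
    """What code that keeps only the first PTR record would conclude."""
    return bool(ptr_names) and matches_mxout(ptr_names[0], sender_domain)

def check_all(ptr_names, sender_domain):
    """Scan every PTR record; return (matched, records_examined)."""
    for examined, name in enumerate(ptr_names, start=1):
        if matches_mxout(name, sender_domain):
            return True, examined
    return False, len(ptr_names)

def wire_name_len(name):
    """Length in bytes of an uncompressed DNS name on the wire."""
    labels = name.rstrip(".").split(".")
    return sum(len(label) + 1 for label in labels) + 1

def estimated_response_size(reverse_qname, ptr_names):
    """Rough PTR answer size: 12-byte header + question + answer records.
    Assumes owner names compress to 2-byte pointers and RDATA does not."""
    size = 12 + wire_name_len(reverse_qname) + 4
    for name in ptr_names:
        size += 2 + 10 + wire_name_len(name)  # pointer, fixed RR fields, RDATA
    return size

UDP_LIMIT = 512  # classic DNS-over-UDP payload limit without EDNS0

# Constructed sample: one smarthost authorised for 1000 customer domains.
SAMPLE_PTRS = ["mx1.mxout.customer%d.com." % i for i in range(1, 1001)]
SAMPLE_QNAME = "1.2.0.192.in-addr.arpa."  # documentation address 192.0.2.1

if __name__ == "__main__":
    print(check_first_only(SAMPLE_PTRS, "customer500.com"))
    print(check_all(SAMPLE_PTRS, "customer500.com"))
    size = estimated_response_size(SAMPLE_QNAME, SAMPLE_PTRS)
    print(size, size > UDP_LIMIT)
```

Under these assumptions the constructed answer passes 512 bytes at the thirteenth PTR record, which is where a resolver without EDNS0 would have to retry over TCP.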