On Thu, 6 May 2004, Dustin D. Trammell wrote:
There were originally a few mechanisms being discussed for such a
purpose, but I believe they've been removed from the spec (for now).
The mechanisms were 'pgp', 'smime', and 'dk', for PGP, S/MIME, and
DomainKeys (respectively). Using these mechanisms (and assuming that
the receiving implementations know what to do with them), your record
would be something like one of these:

  cam.ac.uk IN TXT v=spf1 pgp -all
  cam.ac.uk IN TXT v=spf1 smime -all
  cam.ac.uk IN TXT v=spf1 dk -all

The "ses" mechanism we were talking about recently would fit into this
scheme nicely.
The aim of my post was to point out that SPF should have a way of
specifying different policies for HELO and MAIL FROM. Another example,
for those who believe in the MARID way:

  (HELO) No machines may legitimately say HELO cam.ac.uk.
  (ENV) All email from an @cam.ac.uk address comes from a ppsw.cam.ac.uk
        machine. (That name has multiple IP addresses.)

Though I suppose it's OK for my SPF record to say that a ppsw machine may
say HELO cam.ac.uk if they are under my control and never actually use
that permission. However I like my configurations to say what I mean them
to :-)
--
Tony Finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
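
Added example, not part of the original message: a minimal SPF evaluator (only the a, ip4 and all mechanisms) showing why a single record cannot express both the (HELO) and (ENV) policies above, since the HELO and MAIL FROM identities are each checked against the record published at their own domain name. The ppsw addresses and the "a:ppsw.cam.ac.uk" record are constructed for illustration.

```python
import ipaddress

# Constructed DNS data; addresses come from the 192.0.2.0/24 documentation range.
A_RECORDS = {"ppsw.cam.ac.uk": ["192.0.2.10", "192.0.2.11"]}
# Assumed record implementing the (ENV) policy from the message.
SPF_RECORDS = {"cam.ac.uk": "v=spf1 a:ppsw.cam.ac.uk -all"}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain):
    """Evaluate a small SPF subset (a, ip4, all) for one identity's domain."""
    record = SPF_RECORDS.get(domain)
    if record is None or record.split()[0] != "v=spf1":
        return "none"  # no policy published for this name
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "a":
            matched = ip in A_RECORDS.get(arg or domain, [])
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        else:
            # Mechanism this evaluator does not implement (e.g. pgp, smime, dk).
            return "permerror"
        if matched:
            return RESULTS[qualifier]
    return "neutral"


def evaluate(ip, helo, mail_from):
    """Check both identities; each lookup is keyed only by domain name."""
    return {
        "helo": check_host(ip, helo),
        "mail_from": check_host(ip, mail_from.rsplit("@", 1)[1]),
    }


if __name__ == "__main__":
    # A ppsw machine using its own name in HELO: only MAIL FROM has a policy.
    print(evaluate("192.0.2.10", "ppsw.cam.ac.uk", "user@cam.ac.uk"))
    # The same machine saying HELO cam.ac.uk is authorised by the ENV policy.
    print(evaluate("192.0.2.10", "cam.ac.uk", "user@cam.ac.uk"))
```

Replacing the record with "v=spf1 -all" would enforce the (HELO) policy but make every MAIL FROM check for @cam.ac.uk fail as well.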