On Sat, May 15, 2004 at 05:03:29AM -0700, Adam Hunt wrote:
> Let's say a broadband ISP such as Speakeasy.net decides to publish SPF
> data that says that mail claiming to be from speakeasy.net
> (*@speakeasy.net) is only authentic if it comes from mx01.speakeasy.net
> or mx02.speakeasy.net. Speakeasy is a "cool" ISP that lets its
> subscribers run whatever servers/services they want to over their DSL
> connection. Now let's say that Billy Bob, one of Speakeasy's subscribers,
> chooses to run a mail server for his vanity domain BillyBobsCrib.net
> that is hosted via his DSL connection. If I understand this (and I may
> not) Speakeasy's SPF record isn't in any way preventing Billy Bob from
> running his MX for BillyBobsCrib.net. The only thing it prevents him
> from doing is directly originating mail from speakeasy.net (without
> going through Speakeasy's POP, IMAP or shell server).
> Does the above sound somewhat correct?
>
> --adam

This sounds correct to me although I don't use Speakeasy's DSL
services. I use SBC/Yahoo DSL with a static subnet for my house and run
mail, web and DNS services. I also have reverse DNS control of my IP
space as well so a reverse lookup returns my domain not SBC/Yahoo's.
However if Speakeasy were to modify their SPF record to include
any PTR records that resolved to their domains, or also A records, then
the "techie" using their service could in theory send email
with his *@speakeasy.net address and have it accepted. It just depends how
tightly Speakeasy (or any broadband provider for that matter) wanted to
restrict their SPF entry.
Being as in your example Billy Bob was gonna send email with his
vanity domain then the SPF-compliant receiving MTA would look for SPF
records under the vanity domain not under Speakeasy.
Regards,
Jeremy
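
The behaviour discussed in this thread, as an added example that is not part of either message: a simplified evaluator for a subset of SPF (`a:`, `ip4:`, `ptr`, `all`) run against constructed records. The record contents, the host name `dsl-25.speakeasy.net` and the documentation-range IP addresses are assumptions made for illustration, not the real DNS data of either domain.

```python
import ipaddress

# Constructed DNS data for illustration only (not real records).
STRICT = {
    "speakeasy.net": "v=spf1 a:mx01.speakeasy.net a:mx02.speakeasy.net -all",
    "billybobscrib.net": "v=spf1 ip4:198.51.100.25 -all",
}
# Same zone data, but the ISP loosens its record with a ptr mechanism.
LOOSE = {**STRICT,
         "speakeasy.net": "v=spf1 a:mx01.speakeasy.net a:mx02.speakeasy.net ptr -all"}
A = {
    "mx01.speakeasy.net": "192.0.2.1",
    "mx02.speakeasy.net": "192.0.2.2",
    "dsl-25.speakeasy.net": "198.51.100.25",  # hypothetical name of the DSL line
}
PTR = {"198.51.100.25": "dsl-25.speakeasy.net"}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, mail_from, txt=STRICT):
    """Evaluate the sender domain's SPF record against the connecting IP."""
    # The record consulted is the one for the MAIL FROM domain,
    # not the one for whichever ISP owns the connecting address.
    domain = mail_from.rpartition("@")[2].lower()
    record = txt.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = A.get(arg or domain) == client_ip
        elif name == "ptr":
            # Forward-confirm the PTR name, then require it to be under the domain.
            host = PTR.get(client_ip, "")
            matched = A.get(host) == client_ip and host.endswith("." + domain)
        else:
            matched = False  # mechanisms outside this subset never match here
        if matched:
            return RESULT[qualifier]
    return "neutral"
```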