On Mon, May 31, 2004 at 02:15:41AM -0700, Greg Connor wrote:
> For example, here is another scenario altogether that might
> benefit from a trap mechanism.
>
> mydomain.com: v=spf1 +a +ptr include:comcast.net include:earthlink.net -all
> comcast.net: v=spf1 +a +ptr -all
> earthlink.net: v=spf1 +a +ptr -all
>
> Now, let's say what I *really* want is to return "unknown" (neutral) for
> Comcast, since I have some users, but there are also a lot of forgeries
> coming from there. If Comcast says it is a PASS, maybe I really want to
> interpret that as an unknown. In other words, I am going to (include,
> redirect, whatever) to comcast, and I'm fishing for a + or ? which I will
> treat as a ?, and if I get a - or error I will move to the next fork.
>
> So, what I would like in this case is something like this...
>
> mydomain.com v=spf1 +a +ptr +=? ?=? -=break error=break redirect=comcast.net redirect=earthlink.net -all
>
> Comments? feedback? flames? :)
Do I understand this correctly, there's a lot of forgery coming from
comcast, forging your domain, but there are a small number of users
legitimately sending email from your domain using comcast's mail servers?
I think the best thing to do would be for the users to connect to your
own mail server, and have them use authenticated smtp, right?
Koen Martens
--
http://www.sonologic.nl/
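
The result remapping proposed in the quoted message, as an added example that is not part of the original thread or of any SPF implementation. The "+=? ?=? -=break error=break" syntax is the proposal's, not standard SPF; the address ranges, the function names, and the assumption that the mapping applies to every fork that follows it are constructed for illustration.

```python
import ipaddress

# Constructed stand-ins for each provider's own SPF outcome (no DNS lookups).
# Each entry is (qualifier, network); a trailing "-all" is implied.
POLICIES = {
    "comcast.net": [("+", "198.51.100.0/24")],
    "earthlink.net": [("+", "203.0.113.0/24")],
}
OWN_HOSTS = ["192.0.2.0/28"]  # stands in for mydomain.com's "+a +ptr"

# "+=? ?=? -=break error=break" from the proposed record.
REMAP = {"+": "?", "?": "?", "-": "break", "error": "break"}
FORKS = ["comcast.net", "earthlink.net"]  # the two redirect= targets, in order


def in_net(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def evaluate_domain(domain, ip):
    """Return '+', '?', '-' or 'error' for ip under the domain's own policy."""
    if domain not in POLICIES:
        return "error"  # no record or lookup failure
    for qualifier, net in POLICIES[domain]:
        if in_net(ip, net):
            return qualifier
    return "-"  # the provider's trailing -all


def check(ip, forks=FORKS, remap=REMAP):
    """Evaluate the proposed record for a connecting client address."""
    # The domain's own mechanisms are checked first and pass unmodified.
    if any(in_net(ip, net) for net in OWN_HOSTS):
        return "+"
    # Each fork's result is remapped; "break" moves on to the next fork.
    for domain in forks:
        outcome = remap[evaluate_domain(domain, ip)]
        if outcome != "break":
            return outcome
    return "-"  # final -all of the proposed record


if __name__ == "__main__":
    for ip in ("192.0.2.5", "198.51.100.7", "203.0.113.9", "192.0.2.200"):
        print(ip, check(ip))
```
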