The developers guide on http://spf.pobox.com/developers-guide.html indicates
that a good stragegy would be to have a fallback domain and I was wondering
if anyone had a list of fallback domains & their "fallback" policy already
built?
Perhaps another way to tackle this, and to make it easier for updates & central
admin for the "consensus" fallback domains, would be to have some reputable
domain
that the community trusts not to generate malicious policy records (perhaps
pobox.com)
and have them create a sub-domain for storing the fallback policies.
yahoo.com.fallback._spf.pobox.com TXT v=spf1 ptr -all
-any-.yahoo.com.fallback._spf.pobox.com TXT v=spf1 ptr:yahoo.com -all
slow.to.update.co.uk.fallback._spf.pobox.com TXT v=spf1 ip4:200.200.200.0/24
-all
_any_.fallback._spf.pobox.com TXT v=spf1 a/24 mx/24 ptr ?all
The -any- least signficiant child domain equates to the wildcard "*" for the
purposes
of matching these domains.
To reduce traffic and overhead, these records could be setup with some long TTL
since the SPF recommendation is to check for the authorised SPF policy in the
domain
and only fallback to the other when it fails.
Certainly for our implementation we are probably going to go with this
technique because
it would allow us to control the fallback domains without having to ship an
updated control
file to all our customers.
Can anyone see a reason not to do this?
Thanks,
-Gary Levell
www.exclaimer.net
This message (and any associated files) is intended only for the use of
spf-discuss(_at_)v2(_dot_)listbox(_dot_)com and may contain information that is
confidential, subject to copyright or constitutes a trade secret. If you are
not spf-discuss(_at_)v2(_dot_)listbox(_dot_)com you are hereby notified that
any dissemination, copying or distribution of this message, or files associated
with this message, is strictly prohibited. If you have received this message in
error, please notify us immediately by replying to the message and deleting it
from your computer. Messages sent to and from us may be monitored. Any views or
opinions presented are solely those of the author gary(_at_)exclaimer(_dot_)net
and do not necessarily represent those of the company.
This disclaimer was added by eXclaimer for Microsoft Exchange 2000, a DCSL
product. Please visit our web site at www.exclaimer.co.uk for more information.