On Wed, 9 Jun 2004, wayne wrote:
In <40C30C10(_dot_)8080805(_at_)whipple(_dot_)org> Weldon Whipple
<weldon(_at_)whipple(_dot_)org> writes:
Meng Weng Wong wrote:
mengwong._spf.pobox.com TXT "v=spf1 a:dumbo.pobox.com -all"
user1._spf.pobox.com TXT "v=spf1 include:earthlink.net ?all"
user2._spf.pobox.com TXT "v=spf1 include:verizon.net ?all"
Thanks for the explanation! I have implemented the above on the domain
I mentioned in my note. I notice in the above that mengwong... ends in
-all, and user1... and user2... end in ?all. Is there a way of saying
the following: "Everyone else (not specifically mentioned) should be
'-all'" --kind of a wildcard that eliminates all other addresses in
pobox.com?
I'm pretty sure that this will work:
*._spf.pobox.com TXT "v=spf1 -all"
In waiting for a response I stumbled onto the following URL, which gives a
somewhat different explanation (if I understand it correctly), implying
that the wildcard is unnecessary. Here is the URL:
http://spf.pobox.com/mechanisms.html#redirect
It gives the example:
"v=spf1 redirect=example.net"
then says:
<quote>
Suppose example.net's SPF record were "v=spf1 a -all".
Look up the A record for example.net. If it matches 1.2.3.4, return allow.
If there is no match, the exec fails to match, and the -all value is used.
</quote>
The last line *could* be interpreted as follows:
Say my domain has the following spf record:
whipple.org 86400 IN TXT "v=spf1 redirect={1}._spf.whipple.org"
and I have additional records for the following (only)
fred._spf.whipple.org 86400 IN TXT "v=spf1 ip4:192.168.234.5 -all"
mel._spf.whipple.org 86400 IN TXT "v=spf1 ip4:192.168.234.6 -all"
shtinky._spf.whipple.org 86400 IN TXT "v=spf1 ip4:192.168.234.7 -all"
There is *not* one for (say):
elvis._spf.whipple.org 86400 IN TXT "v=spf1 ip4:192.168.234.8 -all"
If someone sends e-mail purportedly from elvis(_at_)whipple(_dot_)org, "If
there is
no match, the exec fails to match, and the -all value is used" (quoting
from the URL given earlier).
That is exactly the way I would want it to behave, I think... (?)
(P.S. I realize that the above IP address are private ones. In a real
implementation, they would be public ...)
--
Weldon Whipple
weldon(_at_)whipple(_dot_)org