On Thu, 10 Jun 2004, Paul Howarth wrote:
Weldon Whipple wrote:
The last line *could* be interpreted as follows:
Say my domain has the following spf record:
whipple.org 86400 IN TXT "v=spf1 redirect={1}._spf.whipple.org"
and I have additional records for the following (only)
fred._spf.whipple.org 86400 IN TXT "v=spf1 ip4:192.168.234.5 -all"
mel._spf.whipple.org 86400 IN TXT "v=spf1 ip4:192.168.234.6 -all"
shtinky._spf.whipple.org 86400 IN TXT "v=spf1 ip4:192.168.234.7 -all"
There is *not* one for (say):
elvis._spf.whipple.org 86400 IN TXT "v=spf1 ip4:192.168.234.8 -all"
If someone sends e-mail purportedly from elvis(_at_)whipple(_dot_)org, "If
there is
no match, the exec fails to match, and the -all value is used" (quoting
from the URL given earlier).
That is exactly the way I would want it to behave, I think... (?)
I don't think you'd get what you want there, because the lookup of the SPF
record for elvis._spf.whipple.org would fail (NXDOMAIN) and hence should
return an SPF "error" rather than an SPF "fail".
However, if you were to add:
*._spf.whipple.org TXT "v=spf1 -all"
Then the lookup of elvis._spf.whipple.org would return the -all value that you
desire. Which is what Wayne suggested in the original response I think.
Thanks for the clarification!
Weldon
--
Weldon Whipple
weldon(_at_)whipple(_dot_)org