On Mon, 2004-06-14 at 11:02 +0200, Roger Moser wrote:
David Woodhouse wrote:
Unless you can truthfully state that mail from your domain will never be
sent to a third-party address which is forwarded without SRS, then
'-all' doesn't accurately reflect your situation either.
If you sign all envelope senders and you have set up a custom DNS server to
check the signatures by using the 'exists' mechanism, then you can have
'-all' in your SPF record.
Heh. True -- that's a cunning approach to work around the fact that some
people can't be bothered to do sender verification callouts to check
addresses are valid, but some of those same people _do_ bother with SPF
:)
Likewise I suppose '?1.2.3.4/0 -all' would be reasonable, if that's
actually permitted :) But you know what I meant.
--
dwmw2