On Sun, 20 Jun 2004 12:07:44 -0400 (EDT), Meng Weng Wong wrote:
> the implicit MX rule says: if a given domain name has no MX
> records, but you need to send mail to it, you can substitute
> its A record.

However, this rule is currently a valid, if undesirable, way
to configure an MTA.

> This rule bugs me, because it means that spammers can forge
> MAIL FROM:<workstation.example.com> and I have to put an SPF
> record on workstation.example.com to foil that. I shouldn't
> have to.

Just bugs me, even without SPF.

> I propose this rule:
> 1) given a return-path, if the domain has an MX record, do
> an SPF lookup on the domain. This is the normal case and
> the behaviour defined in the SPF draft.
> 2) if the domain does NOT have an MX record,
> but it does have an A record,
> and if the domain does not have an SPF record,
> then assume the default SPF record "v=spf1 a -all".

Whilst on one hand I like the proposal, since I dislike the
implicit MX rule, I think it is not a good idea to implement
since:
* The proposal, unlike the rest of SPF, will affect
domains/MTAs that are not participating in SPF, but still RFC
compliant.
* We currently have no idea how many domains/MTAs use the
implicit MX rule for delivery, so have no idea as to what its
impact would be.
To gain realistic statistics would probably require help from
the likes of Carl Hutzler at AOL or someone from Hotmail to see
how often the implicit rule is used for delivery. This is not
likely to be a 5 minute job, but better than scanning every
domain with an A but no MX for port 25.
Regards
Karl Prince
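
The fallback rule proposed in the quoted message, as an added example that is not part of the original thread and is not code from any SPF implementation. The zone data is constructed, the names `effective_spf` and `check` are hypothetical, and only the `a`, `mx` and `all` mechanisms are evaluated; the `legacy.example.org` case shows a domain that publishes no SPF record being judged by the implied one.

```python
import ipaddress

# Constructed DNS data using documentation address ranges; not real zones.
ZONES = {
    "example.com": {"MX": ["mail.example.com"], "A": ["192.0.2.10"],
                    "TXT": ["v=spf1 mx -all"]},
    "mail.example.com": {"A": ["192.0.2.25"]},
    "workstation.example.com": {"A": ["192.0.2.77"]},  # no MX, no SPF
    "legacy.example.org": {"A": ["198.51.100.5"]},     # implicit-MX site, no SPF
    "nohost.example.net": {},
}
IMPLIED = "v=spf1 a -all"  # default record from step 2 of the proposal
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def records(name, rtype):
    return ZONES.get(name, {}).get(rtype, [])

def effective_spf(domain):
    """Return (policy, source) where source is published, implied or none."""
    published = [t for t in records(domain, "TXT") if t.startswith("v=spf1")]
    if published:
        return published[0], "published"
    if not records(domain, "MX") and records(domain, "A"):
        return IMPLIED, "implied"  # no MX, has A, no SPF record
    return None, "none"

def check(domain, client_ip):
    """Evaluate the effective policy for the MAIL FROM domain and client IP."""
    policy, source = effective_spf(domain)
    if policy is None:
        return "none", source
    ip = ipaddress.ip_address(client_ip)
    for term in policy.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech == "a":
            hosts = [domain]
        elif mech == "mx":
            hosts = records(domain, "MX")
        elif mech == "all":
            return RESULT[qualifier], source
        else:
            return "permerror", source  # mechanism outside this sketch
        addrs = {ipaddress.ip_address(a) for h in hosts for a in records(h, "A")}
        if ip in addrs:
            return RESULT[qualifier], source
    return "neutral", source
```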