spf-discuss

Re: Blocking non-SPF Domains -- How?

2004-06-25 22:47:15
--David Lawless <lawless(_at_)spamcop(_dot_)net> wrote:

I'm looking forward to significant adoption of SPF starting in
August when AOL will begin requiring SPF records from their
bulk-email whitelist participants.

Looking at the sendmail Milter SPF implementation, I see
that one can create "fallback" entries for domains that don't
publish SPF records.  Thus our company's important correspondents
can be easily whitelisted if they don't publish SPF immediately.

I'm thinking I'd like to configure SPF on our MTA to block *all*
mail that does not get a "pass" rating from SPF and doesn't also
pass one of the better RHSBLs.  Since messages will bounce
immediately, the sender will know and can simply pick up the
telephone and call.  I'll mention that in the rejection message!
If they can't manage to publish SPF or use a telephone, we can
live without their correspondence.


I haven't actually used the milter so I might be talking out of my hat here. I think what you want is to apply either an "override" or a "best guess". Best Guess usually means applying "a/24 mx/24 ptr ?all" to domains that don't have their own SPF record, but there probably is a way to override this to "a/24 mx/24 ptr -all" or even just "-all" if that's what you really want :)

Let us know how it works out...


--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
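
An added example, not part of either message and not the milter's own code: a minimal evaluator showing how the two fallback records quoted in the reply score senders for a domain that publishes no SPF record. The DNS table, the addresses and every function name are constructed for illustration, only the `a`, `mx`, `ptr` and `all` mechanisms are handled, and the RHSBL half of the proposed policy is left out.

```python
import ipaddress

# Constructed DNS data: example.org publishes no SPF record (documentation address ranges).
DNS = {
    "a": {"example.org": ["192.0.2.10"]},
    "mx": {"example.org": ["192.0.2.20"]},  # addresses of the MX hosts, already resolved
    "ptr": {"203.0.113.7": ["mail.example.org"], "198.51.100.5": ["host.example.net"]},
    "spf": {},
}
BEST_GUESS = "a/24 mx/24 ptr ?all"       # guess quoted in the reply
STRICT_OVERRIDE = "a/24 mx/24 ptr -all"  # stricter variant quoted in the reply
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def in_net(ip, hosts, prefix):
    """True if ip falls inside the /prefix network around any listed host address."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(f"{h}/{prefix}", strict=False) for h in hosts)


def matches(mech, ip, domain):
    name, _, prefix = mech.partition("/")
    if name == "all":
        return True
    if name in ("a", "mx"):
        return in_net(ip, DNS[name].get(domain, []), prefix or "32")
    if name == "ptr":
        # Simplification: trusts the constructed PTR table without forward confirmation.
        return any(h == domain or h.endswith("." + domain) for h in DNS["ptr"].get(ip, []))
    raise ValueError(f"mechanism not covered by this sketch: {mech}")


def spf_result(ip, domain, fallback):
    """Evaluate the published record, or the fallback when the domain has none."""
    record = DNS["spf"].get(domain, fallback)
    for term in record.split():
        qual, mech = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        if matches(mech, ip, domain):
            return RESULTS[qual]
    return "neutral"


def accepted(ip, domain, fallback):
    """SPF half of the policy in the quoted message: only "pass" gets through."""
    return spf_result(ip, domain, fallback) == "pass"
```

With a pass-only acceptance rule, a sender that matches none of the guessed mechanisms is rejected under either fallback; the choice between `?all` and `-all` changes only the result reported (neutral versus fail).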

