spf-discuss
[Top] [All Lists]

Re: Inactive domains

2004-06-28 11:17:38
In <40E05970(_dot_)4060203(_at_)elvey(_dot_)com> Matthew Elvey 
<matthew(_at_)elvey(_dot_)com> writes:

Close - remove a 'v':
          IN TXT "v=spf1 -all"


Do a dig altavista.com TXT
to see another option.

The record at altavista.com allows you to track who is using your
domain name.  You will need to enable logging on your name server to
make use of it though.

As a minor note, the altavista.com SPF records would be better if they
used -exists:... instead of +exists:...  That is, it should be:

  "v=spf1 -exists:CL.%{i}.FR.%{s}.HE.%{h}.null.spf.altavista.com -all"

Right now, if email is sent with an altavista.com domain name through
a mail server whitelisted via the receivers local-policy or via the
T-FWL (see http://trusted-fowarder.org), the forged email will not be
rejected.  By using only deny mechanisms (ones with '-'), SPF
implemenations will know not to make the local-policy exceptions.


-wayne