----- Original Message -----
[James Couzens]
So.... if you are a greeting card or otherwise associated business, you
publish a few more records, no big deal I don't think. I believe the
good out weighs the bad.
I'm not talking about single site creating two or 3 or 20 or 100 additional
records in their DNS.
I'm talking about millions of records that need to be created and maintained
by variaty or people with different technical level.
Current wildcard spf records originaly appeared as argument for wildcard
MX's and requered TXT record to be placed at default domain level.
(probably for CNAME purpose).
But after this we found that current wildcards in DNS are not good enough.
Without them or using them in wrong way will result a bunch of forgery will
be put in "Unknown".
While I expect as much as possible forgery for to "Fail" SPF checks
category.
Currently this kind of "Unknown" category has a lot of valid emails becouse
of SPF not yet accepted by everybody.
So instead of current "unknown to SPF" we can have at least 4 different
categories:
a) Unknown to SPF, but has valid MX records
b) Unknown to SPF, but has valid A, AAAA or CNAME
c) Unknown to SPF and it's unknown if any domain records exists
d) Unknown to SPF and we recieved that there is no-record for such a domain
As almost everybody agree here - it's a must to remove as much as possible
forgery from a) and b) categories.
I would like to deliver a) and b) to mail box for sure, c) - propably yes
and d) never.
I understand that b) category is suspect. It's can be allowed to not deliver
this to my mail box.
But I would like to not lose any valid email. So instead of every user in
the world save messages from b) category in trash can (the safest place for
most valuable information ;o), I propose as much as possible forgery from
SPF-Unknown-b category go to SPF-Fail.
Currently this can done only using bunch of records in DNS. Wildcards does
not help.
Even more - they are evil.
--
Andriy G. Tereshchenko
TAG Software
Odessa, Ukraine
http://www.24.odessa.ua