"Roger Moser" <roger_moser_spf(_at_)greenmail(_dot_)ch> writes:
administrator(_at_)yellowhead(_dot_)com wrote:
Forgive my ignorance, but what good is that? It has absolutely nothing to
do with the the domain that sent the email. If I was a zombied machine
spewing out garbage using whatever for a domain name in the HELO, MAIL
FROM:, and From:, how would checking the PTR record
(207-34-104-6.ip.cal.radiant.net) against the "A" record [207.34.104.6]
provide any useful information?
'ptr' is just a list of IP addresses (controlled by the domain owner and his
Internet provider). This list is all IP addresses pointed to by A records in
the domain's zone. If the domain owner can say "all these IP addresses are
authorized to send mail from my domain", then he can put "ptr" in the SPF
record.
For example if foo.com has following DNS records:
mx1.foo.com. A 192.168.1.1
smtp.foo.com. A 192.168.1.2
then "ptr:foo.com" matches only if the mail came from 192.168.1.1 or
192.168.1.2 and only if the reverse lookup results in a domain name ending
with "foo.com".
Out of curiosity: how many "end" domain components are tested? Clearly,
it must be more than one, or else any one that ends in ".com" would
match. What if the two domains being compared both end in ".co.uk",
such as these?
foo.co.uk
bar.co.uk
--
Lloyd Zusman
ljz(_at_)asfast(_dot_)com
God bless you.