----- Original Message -----
From: "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Tuesday, July 20, 2004 5:13 PM
Subject: *****SPAM***** [spf-discuss] IMPORTANT: The main point Nico and Co.
are trying to make
On Tue, 20 Jul 2004, Roger Moser wrote:
** The 'ptr' mechanism matches all IP addresses pointed to by all the A
records in the domain's zone. **
What Nico et al are trying to point out is that PTR can *potentially*
match any A record of any subdomain of the given domain. If you use
PTR, and a spammer can control any of the IPs mentioned by any A record in
your
domain or subdomains, then he can forge email from you.
Nico et al feel that this is counterintuitive and that the SPF ptr
mechanism matches more that what a typical sysadmin might expect.
Actually, I've had my understanding improved by this discussion. But I'd
like to see it clear in the wizard, which says
ptr: Any server whose name ends in merl.com is allowed to send mail
from merl.com
It should say:
ptr: Any server whose IP address points to a valid hostname in the
merl.com domain is allowed to send mail from merl.com.
That would make it much more clear, don't people think?