
Re: Re: Military

2004-07-28 06:22:57
It is not the client's IP address that is at issue but the SMTP server's IP
address that is important. As long as the client is connecting to the
domain's SMTP server, the client's IP address is not relevant.

----- Original Message ----- 
From: "wayne" <wayne(_at_)midwestcs(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Wednesday, July 28, 2004 9:13 AM
Subject: Re: [spf-discuss] Re: Military


In <003801c47492$a27b8df0$aa1d6bd8(_at_)johnlaptop> "John Keown" <jdk(_at_)nni(_dot_)com> writes:

The only reason for an unlimited spf record is laziness.

I disagree, there are times when unlimited SPF records are perfectly
ok.

For example, say a company wants to use SPF in a restricted fashion,
but it first needs to gather information about the legitimate usage of
their domain name.  They should be able to publish a "tracking" SPF
record that doesn't change the status quo, such as:

@ TXT "v=spf1 +exists:CL.%{i}.FR.%{s}.HE.%{h}.spf.%{d} ?all"

After a while, they may add known good outgoing MTAs, such as:

@ TXT ( "v=spf1 a:mx-out.%{d} include:bulkmailer.com "
        "+exists:CL.%{i}.FR.%{s}.HE.%{h}.spf.%{d} ?all" )

They may even want to get rid of the worst sources of forged email by
explicitly using a DNSBL like the CBL, such as:

@ TXT ( "v=spf1 a:mx-out.%{d} include:bulkmailer.com "
        "-exists:%{ir}.cbl.abuseat.org "
        "+exists:CL.%{i}.FR.%{s}.HE.%{h}.spf.%{d} ?all" )

This would let people continue to send email from their homes,
hotels or client sites in almost all cases.  This would continue to
narrow down which employees still aren't using SMTP AUTH to the
company's MTAs.

How the company proceeds from here is hard to say.  The point is that
there are extremely valid reasons to have unlimited SPF records.


I'll add some more:  Because it is the domain owner's right to not
participate in SPF.


-wayne
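
Added example, not part of the original messages: a sketch of how the "tracking" `exists:` mechanism above turns each SPF check into a DNS query name, and how the domain owner could read the client IP, sender and HELO back out of a query log. It assumes IPv4 clients, that `%{d}` equals the sender's domain (no include/redirect in play), and constructed sample addresses and log lines.

```python
import re
from collections import Counter

MACRO = re.compile(r"%\{([slodih])(\d*)(r?)([.\-+,/_=]*)\}|%([%_-])")

def expand(spec, ip, sender, helo):
    """Expand SPF macros in a domain-spec (IPv4 only; %{d} assumed = sender domain)."""
    local, _, domain = sender.rpartition("@")
    values = {"s": sender, "l": local, "o": domain, "d": domain, "i": ip, "h": helo}
    literals = {"%": "%", "_": " ", "-": "%20"}

    def repl(m):
        if m.group(5):                      # %%, %_ and %- literals
            return literals[m.group(5)]
        letter, digits, rev, delims = m.group(1, 2, 3, 4)
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if rev:                             # "r" transformer reverses the labels
            parts.reverse()
        if digits:                          # keep only the rightmost N labels
            parts = parts[-int(digits):]
        return ".".join(parts)

    return MACRO.sub(repl, spec)

def parse_tracking_query(qname, domain):
    """Recover (client IP, sender, HELO) from a logged tracking query name.
    Sender and HELO are chosen by the remote side: treat them as untrusted."""
    pat = r"^CL\.(.+?)\.FR\.(.+?)\.HE\.(.+)\.spf\." + re.escape(domain) + r"\.?$"
    m = re.match(pat, qname, re.IGNORECASE)
    return m.groups() if m else None

def unlisted_sources(qnames, domain):
    """Count (client IP, sender) pairs seen in tracking queries. Mechanisms are
    evaluated left to right, so once a: and include: precede the exists:, a
    logged query means the client matched none of the listed MTAs."""
    seen = Counter()
    for q in qnames:
        fields = parse_tracking_query(q, domain)
        if fields:
            seen[fields[:2]] += 1
    return seen

# Constructed sample of query names as a DNS server for spf.example.com might log them.
SAMPLE_LOG = [
    "CL.192.0.2.55.FR.alice@example.com.HE.laptop.hotel.example.net.spf.example.com",
    "cl.192.0.2.55.fr.alice@example.com.he.laptop.hotel.example.net.spf.example.com.",
    "www.example.com",
]

if __name__ == "__main__":
    print(expand("%{ir}.cbl.abuseat.org", "192.0.2.55", "alice@example.com", "x"))
    print(unlisted_sources(SAMPLE_LOG, "example.com"))
```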


