spf-discuss

Re: mail administrator certification example

2004-07-30 10:13:56
John Keown wrote:
> But something needs to calculate the ip addresses according to a fixed set
> of mathematical rules. If not then a whole set of new rules needs to be
> created to create the ip addresses. These rules need to be defined and at
> present they are not defined and open to interpretation.
> What does the following mean?
>
> smtp.example.com. A 192.167.1.25
> mx.example.com. A 192.168.1.19
> example.com. MX mx.example.com.
> example.com. TXT "v=spf1 a:smtp.example.com/28 mx -all"
>
> Does it mean 192.167.1.25 192.168.1.19-192.168.2.18
> OR DOES IT MEAN 192.167.1.25 192.168.1.0-192.168.1.255

a:smtp.example.com/28 means 192.167.1.16-31
mx means 192.168.1.19

Overall it means that mail for example.com can legally come from either of those ranges, i.e. 192.167.1.16-31 or 192.168.1.19.

So you got it completely wrong. Who needs a certificate here?

> Notice I am listing both the range and the mx single ip.
> The answer is that it has 2 different meanings and the answer depends on who
> is giving the answer.
>
> NOTHING IN THE RFC DEFINES WHICH IS CORRECT.

Yes it does. Section 4.3 of the spec (http://spf.pobox.com/spf-draft-200406.txt) says:

      If the optional <CIDR-length> is given, then only the upper
      <CIDR-length> bits of each IP are compared to the <sending-host>.

Paul.
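
The evaluation described in the reply above, as an added example (not code from the original message or from any SPF implementation): a minimal Python evaluator limited to the `a`, `mx` and `all` terms, run against the zone data quoted in the thread. DNS is replaced by in-memory tables, and the function names are illustrative assumptions.

```python
import ipaddress

# Zone data and record copied from the message above; no real DNS lookups.
ZONE_A = {"smtp.example.com": ["192.167.1.25"],
          "mx.example.com": ["192.168.1.19"]}
ZONE_MX = {"example.com": ["mx.example.com"]}
RECORD = "v=spf1 a:smtp.example.com/28 mx -all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def mechanism_networks(term, domain):
    """Return the networks an a/mx mechanism authorizes, or None for others."""
    body, _, cidr = term.partition("/")
    name, _, target = body.partition(":")
    target = target or domain           # no ":domain" means the current domain
    prefix = int(cidr) if cidr else 32  # no CIDR-length means exact match
    if name == "a":
        hosts = [target]
    elif name == "mx":
        hosts = ZONE_MX.get(target, [])
    else:
        return None
    ips = [ip for h in hosts for ip in ZONE_A.get(h, [])]
    # strict=False masks off the host bits: only the upper <prefix> bits count.
    return [ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips]

def check_host(sender_ip, domain, record=RECORD):
    """Evaluate terms left to right; the first match decides the result."""
    addr = ipaddress.ip_address(sender_ip)
    version, *terms = record.split()
    if version != "v=spf1":
        return "none"
    for term in terms:
        qualifier = "+"                 # default qualifier when none is given
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        nets = mechanism_networks(term, domain)
        if nets and any(addr in net for net in nets):
            return QUALIFIERS[qualifier]
    return "neutral"

def authorized_ranges(domain, record=RECORD):
    """List (first, last) address of every network the a/mx terms authorize."""
    terms = [t.lstrip("+-~?") for t in record.split()[1:]]
    return [(str(n[0]), str(n[-1]))
            for t in terms for n in mechanism_networks(t, domain) or []]
```

`authorized_ranges("example.com")` gives the two ranges stated in the reply, and `check_host` shows that the `/28` applies only to the `a` term: the bare `mx` term still matches a single address.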