--Scott Kitterman <spf(_at_)kitterman(_dot_)com> wrote:
If isp.com has an SPF record, the above web page will
prefill the SPF record with "include:isp.com".
If isp.com does not have an SPF record, the above web page
will prefill the SPF record with "ptr:isp.com".
Wouldn't that mean that ANY computer in isp.com, such as
host157-139.pool8252.isp.com (that is, any trojaned box with a broadband
connection that uses that ISP)?
Wouldn't "?ptr:isp.com" make a lot more sense?
An alternative is to send several messages to yourself and see what IPs
they are using for mail servers and then use ip4: to try and narrow the
field.
I agree that ?ptr and ?include make more sense in this case.
Unfortunately, limiting your per-user SPF record to only the mailservers at
that ISP doesn't actually solve the ? problem, because most ISPs do not
enforce RFC2476 at their smarthost, and instead choose to allow any user on
their network to send with any outgoing MAIL FROM... So even if you know
the outgoing IPs of all the smarthosts, you would still want to use ? to
include them, unless the ISP enforces SMTP AUTH and associates non-local
addresses with each account.
?include:domain or ?ip4:xx is still better than ?ptr:domain because it
limits to fewer machines and those machines are less likely to be
virus-infected (for long :)
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
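
Added illustration, not part of the messages above: a minimal SPF term evaluator showing how the result for a broadband pool host changes between "ptr:isp.com", "?ptr:isp.com" and "?ip4:". The reverse-DNS table, the IP addresses (documentation ranges) and the smarthost name smtp1.isp.com are constructed assumptions; only ip4, ptr and all are handled, and no DNS lookups are made.

```python
import ipaddress

# Constructed reverse-DNS data, assumed already forward-confirmed.
PTR = {
    "192.0.2.10": "smtp1.isp.com",                     # hypothetical ISP smarthost
    "198.51.100.157": "host157-139.pool8252.isp.com",  # pool host named in the thread
    "203.0.113.5": "mail.elsewhere.example",           # unrelated sender
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def match(mechanism, ip):
    """Return True if one mechanism (ip4, ptr or all) matches the connecting IP."""
    name, _, arg = mechanism.partition(":")
    if name == "all":
        return True
    if name == "ip4":
        return ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
    if name == "ptr":
        host = PTR.get(ip, "")
        # ptr matches the target domain itself and every host name beneath it
        return host == arg or host.endswith("." + arg)
    raise ValueError(f"mechanism not handled in this sketch: {name}")


def check(record, ip):
    """Evaluate terms left to right; the first matching mechanism decides."""
    for term in record.split()[1:]:               # skip the "v=spf1" version tag
        if term[0] in QUALIFIERS:
            qualifier, mechanism = term[0], term[1:]
        else:
            qualifier, mechanism = "+", term      # no qualifier means "+"
        if match(mechanism, ip):
            return QUALIFIERS[qualifier]
    return "neutral"                              # nothing matched


if __name__ == "__main__":
    records = ["v=spf1 ptr:isp.com -all",
               "v=spf1 ?ptr:isp.com -all",
               "v=spf1 ?ip4:192.0.2.10 -all"]
    for record in records:
        for ip in PTR:
            print(f"{record:32} {ip:16} {check(record, ip)}")
```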