My 2 cents on the wildcard subject...

Wildcards don't make it easier to publish SPF records for all your domains.
You still need to create TXT records for any sub-domain that has an A or MX
record. (The previous examples point out that this doesn't work. If the
label exists with some other type, you have to manually add TXT for that
label as well. I think the reason is that if you use a wildcard, and it
also applies to other labels in the zone, there would be no way to override an
entry so that there is no TXT returned.)

But, if you *already* use a wildcard for either A or MX, you should have a
TXT wildcard record for the same wildcard domain string.

Some folks (in both spf and marid) have proposed using a prefix for SPF
data. A prefix would actually work with wildcards but you lose any
selectivity. For example, if

    *.domain.com IN A 10.1.2.3

already exists, then you can define

    *.domain.com IN TXT

This would provide the same TXT answer for "whatever.domain.com" and
"spfv1.whatever.domain.com" as long as whatever doesn't exist in
non-wildcard form.

But, there are other reasons I don't like prefixes. For one, I don't
really think there is a problem with conflicts to existing TXT records -
even if there are conflicts, the users of other types of TXT records can
figure out how to resolve them. Second, if a new RRtype is allocated
later, a prefix would not be needed and would actually hinder things in the
long run. Using TXT with no prefix now makes it easier to switch later.
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
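
The wildcard behaviour discussed in the message above, as an added example that is not part of the original message: a small in-memory resolver applying the RFC 1034 wildcard rules to one zone. The zone contents (including the TXT data and the `www` host) are constructed, and the function names are hypothetical.

```python
# Constructed zone for illustration; all record data here is assumed.
ZONE = {
    "domain.com": {"MX": ["10 mail.domain.com."], "TXT": ["v=spf1 mx -all"]},
    "*.domain.com": {"A": ["10.1.2.3"], "TXT": ["v=spf1 a -all"]},
    "www.domain.com": {"A": ["10.1.2.4"]},  # explicit label, no TXT
}
ORIGIN = "domain.com"


def name_exists(zone, name):
    """True if name owns records or is an ancestor of an owner name."""
    return any(o == name or o.endswith("." + name) for o in zone)


def _answer(rrsets, qtype):
    rrs = rrsets.get(qtype, [])
    return ("NOERROR", rrs) if rrs else ("NODATA", [])


def lookup(zone, origin, qname, qtype):
    """Resolve qname/qtype inside one zone with RFC 1034 wildcard rules."""
    qname = qname.lower().rstrip(".")
    if qname != origin and not qname.endswith("." + origin):
        return ("REFUSED", [])
    if name_exists(zone, qname):
        # The name exists, so no wildcard is consulted, whatever the type.
        return _answer(zone.get(qname, {}), qtype)
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if name_exists(zone, encloser):
            # Only a wildcard directly below the closest encloser applies.
            wild = zone.get("*." + encloser)
            return _answer(wild, qtype) if wild else ("NXDOMAIN", [])
    return ("NXDOMAIN", [])


def missing_txt(zone):
    """Explicit names with A or MX but no TXT: each needs its own SPF record."""
    return sorted(
        o for o, rr in zone.items()
        if not o.startswith("*.") and ("A" in rr or "MX" in rr) and "TXT" not in rr
    )


if __name__ == "__main__":
    for q in ("whatever", "spfv1.whatever", "www", "spfv1.www"):
        print(q, lookup(ZONE, ORIGIN, q + ".domain.com", "TXT"))
    print("needs explicit TXT:", missing_txt(ZONE))
```
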