I have some domains which have the following attributes:
1. I control the DNS and run the servers
2. The domains all have NS records
3. The domains have no A records and no MX records
4. The domains never send nor receive E-mail.
(these are placeholder domains, mostly to prevent others from
using them for confusion purposes).
Publishing
"v=spf1 -all"
should allow the detection of forgeries in sent mail for
mail allegedly coming from user(_at_)placeholder(_dot_)domain, or even
the null sender at placeholder.domain. It that sufficient to
also give detection of mail from user(_at_)mail(_dot_)placeholder(_dot_)domain
(where, in fact, there are no machine names in the domain),
or do I need to add a wildcard record to stop those?
In the cases where I do have some A records, and supply MX
records only for the old fashioned best practices of having
a working postmaster (and now 'abuse') inbound address, what
are the minimal set of spf records needed to assert that
there are no valid senders?
--
-=[L]=-