[...]
Therefore AOL should add the following SPF records:
omr-m10.mx.aol.com. TXT "v=spf1 ip4:64.12.138.22 -all"
omr-m11.mx.aol.com. TXT "v=spf1 ip4:64.12.138.23 -all"
etc.
Is our goal to reject forgery as early as possible, or can we assign a "suspect"
rating to messages not from the 64.12.138.22 IP?
Sendmail already rejects messages with flawed reverse DNS records (IP1 -PTR->
microsoft.com -A-> IP2 != IP1).
Why can we not assume "v=spf1 a mx ~all" for _all_ domains/servers without SPF
records and assign "SPF-Status: none/suspect"?
BTW, this kind of fall-back can be used for "include" record resolution
(section 4.2 of draft-ietf-marid-protocol-00) if the included
record is missing.
aol.net. "v=spf1 include:aol.com include:aol.org -all".
This will be good practice to deliver emails from MXs for aol.com if some DNS
configuration errors result in a missing SPF
record.
--
Andriy G. Tereshchenko
Odessa, Ukraine
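As an added illustration, not part of the message above and not anyone's production SPF code, the following Python evaluates the proposed fall-back against a small constructed zone table: a domain that publishes no SPF record is evaluated as if it had published "v=spf1 a mx ~all" and the result is tagged "none/suspect", and the same fall-back is applied when an include: target has no record, so the "suspect" status propagates to the including domain. The zone data, the DNS table, FALLBACK_RECORD and check_host are assumptions made for the example. Note that standard SPF (RFC 4408 / RFC 7208) behaves differently: a domain with no record yields "none" and an include: of such a domain is a PermError, so this toy models the proposal in the message, not the standard.

```python
"""Toy SPF evaluator demonstrating the "assume a mx ~all" fall-back (added example)."""
import ipaddress

# Constructed DNS zone data (an assumption standing in for real lookups):
# omr-m10/omr-m11 publish the records proposed in the message, aol.net publishes
# the include-based record, aol.com has MX hosts but no SPF record at all, and
# aol.org does not exist in this table.
DNS = {
    "omr-m10.mx.aol.com": {"TXT": ["v=spf1 ip4:64.12.138.22 -all"], "A": ["64.12.138.22"]},
    "omr-m11.mx.aol.com": {"TXT": ["v=spf1 ip4:64.12.138.23 -all"], "A": ["64.12.138.23"]},
    "aol.net": {"TXT": ["v=spf1 include:aol.com include:aol.org -all"]},
    "aol.com": {"MX": ["omr-m10.mx.aol.com", "omr-m11.mx.aol.com"]},
}

# Record assumed for any domain that publishes no SPF record (the proposal above).
FALLBACK_RECORD = "v=spf1 a mx ~all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Return the records of type rtype for name, or [] if none exist."""
    return DNS.get(name.lower(), {}).get(rtype, [])


def spf_record(domain):
    """Return the domain's SPF TXT record, or None if it publishes none."""
    for txt in lookup(domain, "TXT"):
        if txt.startswith("v=spf1 "):
            return txt
    return None


def addresses_of(name):
    """All A-record addresses of a host name as ipaddress objects."""
    return {ipaddress.ip_address(a) for a in lookup(name, "A")}


def check_host(ip, domain, depth=0):
    """Evaluate SPF for ip against domain.

    Returns (result, status): result is pass/fail/softfail/neutral/permerror;
    status is "spf" when every record consulted was actually published and
    "none/suspect" when the fall-back record had to be assumed, either for the
    domain itself or for any included domain.
    """
    ip = ipaddress.ip_address(ip)
    if depth > 10:                       # guard against include: loops
        return "permerror", "spf"
    record, status = spf_record(domain), "spf"
    if record is None:
        record, status = FALLBACK_RECORD, "none/suspect"

    for term in record.split()[1:]:      # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        target = arg or domain           # "a" and "mx" default to the current domain

        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in addresses_of(target)
        elif name == "mx":
            matched = any(ip in addresses_of(mx) for mx in lookup(target, "MX"))
        elif name == "include":
            sub_result, sub_status = check_host(ip, arg, depth + 1)
            if sub_status == "none/suspect":
                status = "none/suspect"  # a guessed record taints the whole result
            matched = sub_result == "pass"
        else:
            return "permerror", status   # mechanism not supported by this toy

        if matched:
            return QUALIFIERS[qualifier], status
    return "neutral", status             # record exhausted with no match


if __name__ == "__main__":
    for ip, domain in [("64.12.138.22", "omr-m10.mx.aol.com"),
                       ("64.12.138.22", "aol.com"),
                       ("10.0.0.1", "aol.net")]:
        print(ip, domain, check_host(ip, domain))
```

A receiver implementing this could then reject a "fail"/"spf" outright while treating any "none/suspect" verdict only as a scoring input, which is the distinction between rejecting early and rating as suspect that the message asks about.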