spf-discuss

RE: SPF record for the HELO domain (for empty return-paths)

2004-08-22 05:30:30
[...] 
Therefore AOL should add the following SPF records:

omr-m10.mx.aol.com. TXT "v=spf1 ip4:64.12.138.22 -all"
omr-m11.mx.aol.com. TXT "v=spf1 ip4:64.12.138.23 -all"
etc.


Is our goal to reject forgery as early as possible, or can we assign a "suspect" 
rating to messages not from the 64.12.138.22 IP?
Sendmail already rejects messages with flawed reverse DNS records (IP1 -PTR-> 
microsoft.com -A-> IP2!=IP1).

Why can we not assume "v=spf1 a mx ~all" for _all_ domains/servers without SPF 
records and assign "SPF-Status: none/suspect"?

BTW, this kind of fall-back can be used for "include" record resolution 
(section 4.2 of draft-ietf-marid-protocol-00) if the included record is missing.

aol.net. "v=spf1 include:aol.com include:aol.org -all".

This will be good practice to deliver emails from MXs for aol.com if some DNS 
configuration errors result in the SPF record being missing.

--
Andriy G. Tereshchenko
Odessa, Ukraine 
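
Added example, not part of the original message: a small HELO check that evaluates a published SPF record when one exists and otherwise falls back to the assumed "v=spf1 a mx ~all". It handles only the ip4, a, mx and all mechanisms; the ZONE table, the function names, the example.org data and the mapping of fallback results to "none" or "suspect" are assumptions made for illustration.

```python
import ipaddress

# DNS data for the demo. The first TXT record is the one proposed in the
# message; the example.org entries are constructed sample values.
ZONE = {
    ("omr-m10.mx.aol.com", "TXT"): ["v=spf1 ip4:64.12.138.22 -all"],
    ("nospf.example.org", "A"): ["198.51.100.5"],
    ("nospf.example.org", "MX"): ["mail.nospf.example.org"],
    ("mail.nospf.example.org", "A"): ["198.51.100.10"],
}
FALLBACK = "v=spf1 a mx ~all"  # default the message suggests assuming
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    return ZONE.get((name.rstrip(".").lower(), rtype), [])

def spf_record(domain):
    """Return (record, published); published is False for the fallback."""
    for txt in lookup(domain, "TXT"):
        if txt.split(" ", 1)[0] == "v=spf1":
            return txt, True
    return FALLBACK, False

def matches(mech, arg, domain, ip):
    if mech == "all":
        return True
    if mech == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        hosts = [arg or domain]
    elif mech == "mx":
        hosts = lookup(arg or domain, "MX")
    else:
        raise ValueError("mechanism not handled in this example: " + mech)
    return any(ip == ipaddress.ip_address(a) for h in hosts for a in lookup(h, "A"))

def check_helo(helo_domain, client_ip):
    ip = ipaddress.ip_address(client_ip)
    record, published = spf_record(helo_domain)
    result = "neutral"  # SPF default when no mechanism matches
    for term in record.split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if matches(mech, arg, helo_domain, ip):
            result = QUALIFIERS[qual]
            break
    if published:
        return result
    # Assumed mapping: a guessed record never yields pass or fail.
    return "none" if result == "pass" else "suspect"
```
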

