Shelby wrote:
If you can tell me why the above syntax does not tell the spammer that
"user" is likely one of my legitimate e-mail addresses, then I can say
"yes".
Because there is no way for the spammer to find out that there is a
subdomain user._spf.example.com.
William wrote:
example.com. IN TXT "v=SPF1 +mx redirect=%{l}._spf.example.com"
*._spf.example.com. IN TXT "v=SPF1 -all"
user._spf.example.com. IN TXT "v=SPF1 ?all"
The following records achieve the same:
example.com. IN TXT "v=spf1 +mx ?exists:%{l}._spf.example.com -all"
user._spf.example.com. IN A 127.0.0.2
Further, I suggest you write "v=spf1" instead of "v=SPF1" because there
might be some SPF implementations where the version string is not
case-insensitive.
Shelby, again: The spammer cannot find out that there is a subdomain
user._spf.example.com. If your name server allows to find out the names of
the subdomains, then it is misconfigured and you should immediatley fix it.
BTW: Did you already read following page?
http://www.rhyolite.com/anti-spam/you-might-be.html