spf-discuss

Can SPF identify wildcard domain forgery?

2004-08-26 23:59:00
Guy wrote:

Maybe we need an "and" directive, so that 2 or more directives must be
true?

You can do the "and" at your DNS server. To allow only User1, User2, etc. to
send mail only through 1.2.3.4 or 2.3.4.5, set up the following records:

"v=spf1 exists:%{l}.%{i}._spf1.watkins-home.com -all"
User1.1.2.3.4._spf1.watkins-home.com    A       127.0.0.1
User1.2.3.4.5._spf1.watkins-home.com    A       127.0.0.1
User2.1.2.3.4._spf1.watkins-home.com    A       127.0.0.1
User2.2.3.4.5._spf1.watkins-home.com    A       127.0.0.1
...

Or you could have the following records (less recommended):

"v=spf1 -exists:%{l}._spf1.watkins-home.com ip4:1.2.3.4 ip4:2.3.4.5 -all"
*._spf1.watkins-home.com        A       127.0.0.1
User1._spf1.watkins-home.com    TXT     ""
User2._spf1.watkins-home.com    TXT     ""
...

Roger
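
The two record sets above, evaluated by a toy SPF checker over a constructed in-memory zone. This is an added example, not part of the original message: `has_a`, `expand` and `check` are hypothetical helpers, only the `l` and `i` macros and the `exists`, `ip4` and `all` mechanisms are handled, and names are lowercased because DNS is case-insensitive. It shows why the empty TXT records matter in the second variant: a name that exists with only a TXT record is not covered by the wildcard, so the `-exists` term does not fire for listed users.

```python
import ipaddress

DOMAIN = "watkins-home.com"
REC_AND = "v=spf1 exists:%{l}.%{i}._spf1.watkins-home.com -all"
REC_NEG = "v=spf1 -exists:%{l}._spf1.watkins-home.com ip4:1.2.3.4 ip4:2.3.4.5 -all"
# Constructed zones mirroring the records in the message: name -> {rrtype: value}
ZONE_AND = {f"{u}.{ip}._spf1.{DOMAIN}": {"A": "127.0.0.1"}
            for u in ("user1", "user2") for ip in ("1.2.3.4", "2.3.4.5")}
ZONE_NEG = {f"*._spf1.{DOMAIN}": {"A": "127.0.0.1"},
            f"user1._spf1.{DOMAIN}": {"TXT": ""},
            f"user2._spf1.{DOMAIN}": {"TXT": ""}}

def has_a(zone, name):
    """True if an A query for name would be answered (simplified wildcard rules)."""
    name = name.lower()
    if name in zone:                      # name exists, so the wildcard is not used:
        return "A" in zone[name]          # a TXT-only name gives NODATA for A
    labels = name.split(".")
    for i in range(1, len(labels)):       # walk up towards the closest encloser
        parent = ".".join(labels[i:])
        if f"*.{parent}" in zone:
            return "A" in zone[f"*.{parent}"]
        if parent in zone:                # encloser exists but has no wildcard child
            return False
    return False

def expand(spec, sender, ip):
    """Expand the two macros used above: %{l} (local part) and %{i} (IPv4 client)."""
    local = sender.rsplit("@", 1)[0]
    return spec.replace("%{l}", local).replace("%{i}", ip)

def check(record, zone, sender, ip):
    """Evaluate terms left to right; the first matching term decides the result."""
    for term in record.split()[1:]:       # skip "v=spf1"
        negative = term.startswith("-")
        mech = term.lstrip("+-")
        if mech == "all":
            matched = True
        elif mech.startswith("exists:"):
            matched = has_a(zone, expand(mech[7:], sender, ip))
        elif mech.startswith("ip4:"):
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(mech[4:])
        else:
            raise ValueError(f"unsupported term: {term}")
        if matched:
            return "fail" if negative else "pass"
    return "neutral"
```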