I wrote:
"v=spf1 -exists:%{l}._spf1.watkins-home.com ip4:1.2.3.4 ip4:2.3.4.5 -all"
*._spf1.watkins-home.com A 127.0.0.1
User1._spf1.watkins-home.com TXT ""
User2._spf1.watkins-home.com TXT ""
...
Correct is (dot after "com"):
*._spf1.watkins-home.com. A 127.0.0.1
User1._spf1.watkins-home.com. TXT ""
User2._spf1.watkins-home.com. TXT ""
Guy answered:
Could you explain this more?
The wildcard *._spf1.watkins-home.com. applies only to those subdomains of
_spf1.watkins-home.com that have no records. User1._spf1.watkins-home.com
has a TXT record so querying User1._spf1.watkins-home.com for an A record
does not return an A record (provided for User1._spf1.watkins-home.com no A
record is explicitly given) and the 'exists' mechanism does not match (does
not return 'fail').
And, does this depend on a feature of DNS or a bug?
This behaviour of wildcards is according to section 4.3.3 of RFC 1034.
Comcast.net has 6 SMTP servers that I know of!
If the IP addresses all start with 204.127 then you could have the following
records:
"v=spf1 exists:%{l}.%{ir2}._spf1.watkins-home.com -all"
User1.127.204._spf1.watkins-home.com A 127.0.0.1
User2.127.204._spf1.watkins-home.com A 127.0.0.1
...
Roger
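
The two record sets discussed above, as an added example that is not part of the original message: an offline Python simulation of the RFC 1034 section 4.3.3 wildcard rule and of the `exists` macro expansion. The sender addresses, the address 204.127.198.35 and the function names are constructed for illustration; the zones copy the records from the message.

```python
import re

# Constructed zones mirroring the records in the message (owner names lowercased).
WILDCARD_ZONE = {   # used with: -exists:%{l}._spf1.watkins-home.com
    "*._spf1.watkins-home.com": {"A": "127.0.0.1"},
    "user1._spf1.watkins-home.com": {"TXT": ""},
    "user2._spf1.watkins-home.com": {"TXT": ""},
}
ALLOW_ZONE = {      # used with: exists:%{l}.%{ir2}._spf1.watkins-home.com
    "user1.127.204._spf1.watkins-home.com": {"A": "127.0.0.1"},
    "user2.127.204._spf1.watkins-home.com": {"A": "127.0.0.1"},
}

def name_exists(name, zone):
    # A name exists if it owns any record or is an ancestor of a name that does.
    return any(n == name or n.endswith("." + name) for n in zone)

def lookup_a(name, zone):
    """A-record lookup with RFC 1034 section 4.3.3 wildcard rules (simplified)."""
    name = name.lower().rstrip(".")
    if name_exists(name, zone):
        # Existing name: the wildcard is never consulted, even if only a TXT is present.
        return zone.get(name, {}).get("A")
    labels = name.split(".")
    for i in range(1, len(labels)):          # walk up to the closest existing ancestor
        encloser = ".".join(labels[i:])
        if name_exists(encloser, zone):
            return zone.get("*." + encloser, {}).get("A")
    return None

def expand(domain_spec, sender, ip):
    """Expand %{l} and %{i} macros; 'r' reverses the parts, a digit keeps the rightmost N.
    Both transformer orders are accepted so the message's %{ir2} spelling expands
    (RFC 7208 writes the digits before the 'r')."""
    local = sender.rsplit("@", 1)[0]
    def repl(m):
        parts = [local] if m.group(1) == "l" else ip.split(".")
        flags = m.group(2)
        if "r" in flags:
            parts = parts[::-1]
        digits = flags.replace("r", "")
        return ".".join(parts[-int(digits):] if digits else parts)
    return re.sub(r"%\{([li])([0-9r]*)\}", repl, domain_spec)

def exists_matches(domain_spec, sender, ip, zone):
    # The SPF 'exists' mechanism matches when the expanded name has any A record.
    return lookup_a(expand(domain_spec, sender, ip), zone) is not None
```

With the wildcard zone, `exists_matches` is false for User1 (the empty TXT record suppresses the wildcard, so `-exists` does not fire) and true for any local part without a record.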