spf-discuss

Re: Wildcard DNS entry

2004-09-08 23:17:44

On Wed, 8 Sep 2004, guy wrote:

A wildcard entry will not match an existing entry.

Given:
      watkins-home.com.               txt     "v=spf1 ..."
      *.watkins-home.com.     txt     "v=spf1 -all"
      www.watkins-home.com.   a       1.2.3.4

The * entry will disallow email from any host that does not exist.
But won't help with hosts that do exist.

Absolutely correct.

How can I prevent someone claiming to be sending email from:
someone(_at_)www(_dot_)watkins-home(_dot_)com?

By putting spf record at www
 
Assume I have more than 1 host I need to protect, not just www.

Perl is your friend...
 
From what I have read, I should give each host a spf record!
This does not seem reasonable for large sites.  For me it is ok.
But if this is true, it seems likely most people don't know to do it.

Education is the key to knowledge ...

If I am correct, this needs to be in the spec, or if it is, it needs to be
in the spec twice!  Or made very clear.

Thousand repetitions makes one truth... No wait - that is a quote from the 
wrong type of book, let's not go there!

Actually what you need to understand is that those who use wildcards 
already know all this and those who don't really should not try until
they have reason to use wildcard for something other than SPF.

(BTW - This should not be in the "spec" but should be documented at SPF
 website, since this is where new people will look when wanting to learn 
 about SPF. Good documentation is key to success just like good technology, 
 but techies are notorious for not wanting to document what they do)

Maybe a directive to state that no sub-domains are allowed to send email
"-all".  When MTA finds a sub-domain/host without a spf record, check the
parent domain where you may find a spf record with the "no sub-domains
allowed" directive.

Oh? And how would you know what "parent" domain is?

What is a parent of "my.very.long.domain.example.com"?
If you say it's "example.com", how are you going to decide when you see 
"my.very.long.domain.example.co.uk" ?

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
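
Added example, not part of the original message: a Python sketch of the wildcard behaviour discussed above, listing the existing names that "*.watkins-home.com." does not cover and the TXT lines they would need. The zone data beyond the three records quoted in the thread (mail, host.lab) is constructed, and it assumes hosts with no SPF record of their own send no mail.

```python
SPF_DENY = '"v=spf1 -all"'
ORIGIN = "watkins-home.com."
# Constructed zone: (owner, type, rdata). The first three rows follow the thread.
ZONE = [
    ("watkins-home.com.", "TXT", '"v=spf1 ..."'),
    ("*.watkins-home.com.", "TXT", SPF_DENY),
    ("www.watkins-home.com.", "A", "1.2.3.4"),
    ("mail.watkins-home.com.", "A", "1.2.3.5"),
    ("mail.watkins-home.com.", "TXT", '"v=spf1 a -all"'),
    ("host.lab.watkins-home.com.", "A", "1.2.3.6"),
]

def existing_names(zone, origin):
    """Names that exist in the zone, including empty non-terminals."""
    names = set()
    for owner, _, _ in zone:
        if owner.startswith("*."):
            continue
        labels = owner.split(".")
        for i in range(len(labels)):
            name = ".".join(labels[i:])
            if name == origin or name.endswith("." + origin):
                names.add(name)  # every ancestor down to the origin exists
    return names

def spf_answer(zone, origin, qname):
    """TXT rdata returned for qname under RFC 1034 wildcard rules."""
    names = existing_names(zone, origin)
    if qname in names:
        # An existing name never falls through to the wildcard.
        return [r for o, t, r in zone if o == qname and t == "TXT"]
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if encloser in names:  # closest existing ancestor decides
            wild = "*." + encloser
            return [r for o, t, r in zone if o == wild and t == "TXT"]
    return []

def uncovered(zone, origin):
    """Existing names with no SPF TXT: the gap the wildcard leaves."""
    return sorted(n for n in existing_names(zone, origin)
                  if not any(r.startswith('"v=spf1')
                             for r in spf_answer(zone, origin, n)))

def records_to_add(zone, origin):
    return [f"{n}\tTXT\t{SPF_DENY}" for n in uncovered(zone, origin)]

if __name__ == "__main__":
    print("\n".join(records_to_add(ZONE, ORIGIN)))
```

Names below an existing sub-domain (for example anything under lab.watkins-home.com.) also miss the top-level wildcard, so each such level needs its own wildcard record as well.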

