On Thu, 28 Oct 2004 08:02:09 -0200, Mike
<info(_at_)netforum(_dot_)com(_dot_)br> wrote:
Hummm...smart
If you do a lookup on spf.terra.com.br you will see:
An A record pointing to 127.0.0.2
A SOA Record and a NS record
Well, refering to the spf draft again, at the end of section 5.7 its mentioned:
--
This mechanism enables queries that mimic the style of tests that
existing RBL lists use.
--
It also says that:
--
This makes fine-grained
decisions possible at the level of the user and client IP address.
--
Which can only tell you that terra.com.br is trying to authenticate
that only those users ( %{l} ) and IPs ( %{i} ) assigned to those
users that will have an 'A' record pointing to '127.0.0.2' are allowed
to send email from this domain (=terra.com.br). For example, if there
was an 'A' record for '192.168.0.3.postmaster.spf.terra.com.br'
pointing to 127.0.0.2 then we would know that postmaster is allowed to
send mail as postmaster(_at_)terra(_dot_)com(_dot_)br or postmaster sends email
from
arbitrary/personal servers. [Also, Refer to section B.3 of the draft
for more examples.]
SPF gurus: please correct me if I am wrong here.
Regards,
Zia