spf-discuss

Re: Zonecuts specified in SPF draft

2005-01-13 08:54:00
If no matching records are returned for the <domain>, the SPF client
MUST find the Zone Cut as defined in [RFC2181] section 6 and repeat
the above steps.  The <domain>'s zone origin is then searched for SPF
records.  If an SPF record is found at the zone origin, the <domain>
is set to the zone origin as if a "redirect" modifier was executed.

I no longer find this a good idea without having a "match_subdomains=yes"
modifier as specified in spf-draft-200406. The reason is the following example:

hostpoint.ch.           TXT     "v=spf1 mx ?all"
hostpoint.ch.           MX      1 mail.hostpoint.ch.
mail.hostpoint.ch.      A       217.26.48.126
server16.hostpoint.ch.  A       217.26.52.26

MAIL FROM:<xyz@server16.hostpoint.ch>

server16.hostpoint.ch has no SPF record and the SPF record at hostpoint.ch
(zone cut) does not authorize 217.26.52.26 (=server16.hostpoint.ch) to send
mail.

Roger
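
Added example, not part of the message above or of the SPF draft: a minimal evaluator run over the zone data from the post, comparing the result for server16.hostpoint.ch with and without the zone-cut fallback. The names `check_host`, `find_zone_cut` and `ZONE_ORIGIN` are hypothetical, the DNS data is a constructed in-memory copy of the records shown, and it is assumed that server16.hostpoint.ch lies inside the hostpoint.ch zone.

```python
# Constructed in-memory DNS data, copied from the zone lines in the post.
ZONE_ORIGIN = "hostpoint.ch"  # assumption: server16 lives in this zone
TXT = {"hostpoint.ch": "v=spf1 mx ?all"}
MX = {"hostpoint.ch": ["mail.hostpoint.ch"]}
A = {"mail.hostpoint.ch": ["217.26.48.126"],
     "server16.hostpoint.ch": ["217.26.52.26"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def find_zone_cut(domain):
    """Hypothetical helper: return the zone origin enclosing `domain`.
    A real client would walk up the name looking for SOA/NS records."""
    if domain == ZONE_ORIGIN or domain.endswith("." + ZONE_ORIGIN):
        return ZONE_ORIGIN
    return None


def mechanism_matches(mech, domain, ip):
    """Evaluate the small subset of mechanisms needed here: all, a, mx."""
    if mech == "all":
        return True
    if mech == "a":
        return ip in A.get(domain, [])
    if mech == "mx":
        return any(ip in A.get(host, []) for host in MX.get(domain, []))
    raise ValueError("mechanism not supported in this sketch: " + mech)


def check_host(ip, domain, zone_cut_fallback):
    """Return the SPF result for `ip` sending as `domain`."""
    record = TXT.get(domain)
    if record is None and zone_cut_fallback:
        origin = find_zone_cut(domain)
        if origin and origin != domain and origin in TXT:
            # Draft text: <domain> is set to the zone origin,
            # as if a "redirect" modifier was executed.
            domain, record = origin, TXT[origin]
    if record is None:
        return "none"
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mechanism_matches(mech, domain, ip):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched
```

For 217.26.52.26 sending as server16.hostpoint.ch, `check_host` returns "none" without the fallback and "neutral" (from `?all`) with it, because `mx` is evaluated against hostpoint.ch after the implied redirect.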

