spf-discuss

Re: Syntax and semantics of the TXT record versus SPFMILTER behavior

2005-02-09 20:09:38

----- Original Message ----- From: "Alex van den Bogaerdt" <alex(_at_)ergens(_dot_)op(_dot_)het(_dot_)net>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Wednesday, February 09, 2005 9:08 PM
Subject: Re: [spf-discuss] Syntax and semantics of the TXT record versus SPFMILTER behavior


On Wed, Feb 09, 2005 at 08:57:41PM -0500, Nico Kadel-Garcia wrote:

>SPF should only be checked on incoming mail, not outgoing mail.
>It sounds like you are also checking it on outgoing mail.

Why wouldn't you check outgoing? Forgers and email worms can certainly be
active *inside* your network, so checking outgoing email will inform you
the administrator very quickly of any issues. Checking outgoing email has
to be done carefully, so legitimate clients are permitted, but this is what
SPF whitelists are for.

In this particular case, the owner expressed he'd rather not
include all of his clients in the SPF record.

_IF_ he's going to do outbound checking (which I doubt) then
it would have to be with a "fake" record (perhaps in an
internal DNS).  Who's going to set that up?

Well, the SMTP server owner would do it. It's usually done with an address whitelist on the outgoing SMTP server, rather than mucking with DNS, or with an internal set of DNS addresses and TXT records that are not published to the outside world.

I do not think your idea is bad.  I just don't think it is
for everyone...

It takes some work to set up, true. I found it extraordinarily useful last year, when people brought home infected laptops.