Todd Herr wrote:
So, just so I'm clear on things here...
Would the following be an acceptable SPF record for rr.com?
"v=spf1 ip4:24.30.203.0/24 ip4:24.28.200.0/24 \
ip4:24.28.204.0/24 ip4:24.30.218.0/24 \
ip4:24.93.47.0/24 ip4:24.25.9.0/24 \
ip4:65.24.5.0/24 ip4:24.94.166.0/24 \
ip4:24.29.109.0/24 ip4:66.75.162.0/24 \
ip4:24.24.2.0/24 ip4:65.32.5.0/24 +mx ~all"
Acceptable, that is, from the standpoint of fewer than 10 methods
and guarding against the forged @rr.com sender that Radu spoke of
upthread?

From _that_ standpoint: yes.
But does the record authorize _more_ IP addresses for sending mail from
rr.com than necessary? In other words: is it too broad?
$ for a in $(
>> dig +sho rr.com MX | cut -d' ' -f2
>> ); do
>> dig +sho $a A
>> done | sort | uniq | wc -l
36
As far as I can see, the above record authorizes 12*254 + 36 = 3084 IP
addresses to send mail from the domain rr.com. Is this appropriate?
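
The same breadth check done offline, as an added example that is not part of the original message: it counts the terms in the proposed record that cost a DNS lookup (RFC 7208 allows 10) and the addresses the record authorizes. The names `audit_spf` and `SAMPLE_MX` are hypothetical, and the 36 MX addresses are constructed stand-ins, since the real ones come from the `dig` loop above.

```python
import ipaddress
import re

# Terms that each cost one DNS lookup (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"a", "mx", "include", "exists", "ptr", "redirect"}

# The record proposed in the message, with the line continuations joined.
RR_COM_SPF = (
    "v=spf1 ip4:24.30.203.0/24 ip4:24.28.200.0/24 "
    "ip4:24.28.204.0/24 ip4:24.30.218.0/24 "
    "ip4:24.93.47.0/24 ip4:24.25.9.0/24 "
    "ip4:65.24.5.0/24 ip4:24.94.166.0/24 "
    "ip4:24.29.109.0/24 ip4:66.75.162.0/24 "
    "ip4:24.24.2.0/24 ip4:65.32.5.0/24 +mx ~all"
)

# Constructed stand-ins for the 36 MX host addresses (TEST-NET-1, not real data).
SAMPLE_MX = [f"192.0.2.{n}" for n in range(1, 37)]


def audit_spf(record, mx_addresses=()):
    """Count DNS-lookup terms and authorized IPv4 addresses in an SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    nets, lookups, has_mx = set(), 0, False
    for term in terms[1:]:
        m = re.match(r"[+\-~?]?([A-Za-z0-9]+)", term)
        if not m:
            raise ValueError(f"unparseable term: {term!r}")
        name = m.group(1).lower()
        lookups += name in LOOKUP_TERMS
        if name == "mx":
            has_mx = True
        elif name == "ip4":
            nets.add(ipaddress.ip_network(term.split(":", 1)[1], strict=False))
    mx = {ipaddress.ip_network(a) for a in mx_addresses} if has_mx else set()
    # Every address an SPF check would match; overlapping ranges are merged first.
    matched = sum(n.num_addresses for n in ipaddress.collapse_addresses([*nets, *mx]))
    # The message's convention: 254 usable hosts per /24, plus MX hosts outside the ranges.
    hosts = sum(n.num_addresses - 2 if n.prefixlen < 31 else n.num_addresses for n in nets)
    hosts += sum(1 for a in mx if not any(a.subnet_of(n) for n in nets))
    return {"dns_lookups": lookups, "matched_addresses": matched, "usable_hosts": hosts}
```

`usable_hosts` follows the message's arithmetic, while `matched_addresses` also counts the first and last address of each /24, which an `ip4` mechanism matches as well.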