spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Standard Authentication Query

2005-03-30 13:47:09
from [Commerco WebMaster] [Permanent Link] 
Dave,

At 11:32 AM 3/30/2005, you wrote:

At 11:02 AM 3/30/2005 -0500, Todd wrote:

On Tue, 29 Mar 2005, at 16:12, David MacQuigg wrote:
>

.. snip ..
One thing I'm not clear on is whether an address like CPE-69-76-120-59.wi.res.rr.com can be SPF-blocked at the res.rr.com level, or whether you need to have SPF records for all the subdomains below that. I wish I knew more about DNS.
I think the short answer is yes. Another question to consider might be how best to implement such a solution. 

I can think of two ways:
1) Have a TXT record set up for each zone A entry (Ugly without automation and makes for bigger zone files). 2) Use DNS wildcard capability and point the TXT record on wildcard sub zones back to 
a common entry.  For example:
$ORIGIN sub1.suba.domain.tld.
*          86400  IN  A  nnn.nnn.nnn.nnn
*          86400  IN  TXT "v=spf1 redirect=_spf.suba.domain.tld"
would point all entries under sub1.suba.domain.tld back to the suba SPF rules TXT at _spf.suba.domain.tld
Depending upon the environment, one would probably make more sense than the other. Using DNS wildcard tends to require a bit more management.
Another question is whether there might be "cross-pollution" between the different biz.rr.com subdomains. Ideally, each should have its own reputation to gain or lose, but there may be a problem with how many names a reputation service is willing to keep track of. If they just provide one rating for all of biz.rr.com, then one spammer.biz.rr.com could ruin the whole group. You might want to say any business that wants to operate its own public mail server should do like joesgarage.com and get their own name. Then you can SPF-block the entire biz.rr.com subdomain, and be done with it.
Not sure this would be a problem, think about some of the international country TLDs that break out domains into tertiary and further zone splits. 


-- Dave
************************************************************     *
* David MacQuigg, PhD      email:  dmquigg-spf at yahoo.com      *  *
* IC Design Engineer            phone:  USA 520-721-4583      *  *  *
* Analog Design Methodologies                                 *  *  *
*                                   9320 East Mikelyn Lane     * * *
* VRS Consulting, P.C.              Tucson, Arizona 85710        *
************************************************************     *


Best,

Alan Maitland
WebMaster(_at_)Commerco(_dot_)Net
The Commerce Company - Making Commerce Simple(sm)
http://WWW.Commerco.Com/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Standard Authentication Query, David MacQuigg
Next by Date:  Re: FYI from the I-D factory, Frank Ellermann
Previous by Thread:  RE: Standard Authentication Query, David MacQuigg
Next by Thread:  Softfail (was: Standard Authentication Query), Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]