Leave SPF1 syntax as is.
One query to _AUTH.<domain> gets all the authentication information from a
domain in summary form, including all methods the domain chooses to use,
whatever they can squeeze into 450 bytes.
Here is an example of the top authentication record for a large, complex
domain. (160 bytes total).
meth=SPF1+,DK2
ip=170(Kapi2RPMcR1CxEJdXOkLCFEC),4(MQDTO0fzuShRvL8q0m5sitIH3)
dk=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5o6l
MIgulclWjZwP56LRqdg5ZX15bhc/GsvW8xW/R5Sh1NnkJNyL/cqY1a+GzzL47t7E
XzVc+nRLWT1kwTvFNGIoAUsFUq+J6+OprwIDAQAB
The methods used by this domain are SPF1 and DK2. The + after SPF1 means
that it needs some additional records. These may be found
at _SPF1.<domain>. The DK2 information is complete in this top record.
ip is a common keyword, known to all methods. It defines a set of "masks"
that can be used for a quick REJECT at any forwarding machine. In this
case we have 6 blocks of 170 IPs each and 5 blocks of 4 IPs each. The
blocks of 170 could be as large as 256 without making the mask strings any
longer, but this domain owner chose to exclude the last part of each block,
probably to make the masks as tight as possible around the actual servers.
For most domains, these masks are sufficient to generate a PASS
authentication result, but in this case, there are additional restrictions
on machines within the mask blocks, maybe some gaps that the domain owner
wishes to block. These additional restrictions are found by following a
query chain starting with _SPF1.<domain>.
dk is a keyword known to the DK2 method. It defines a public key for the
domain, in this case a 768 bit "DomainKey".
All encoded values are Base64, 6 bits per printed character. These values
should never be edited directly. They are viewed and edited by various
tools that each method provides.
-- Dave
************************************************************ *
* David MacQuigg, PhD email: dmquigg-spf at yahoo.com * *
* IC Design Engineer phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. Tucson, Arizona 85710 *
************************************************************ *