Wayne,
Although I don't know if this is stated explicitly anywhere in the SPF
specification, I have always had a pretty simple view of redirect vs.
include.
To me redirect is something one would publish to point to a non-host
resource within a given domain's zone (e.g., _spf.example.tld in the
example.tld domain is where you go to get SPF records covering
example.tld). In other words, if you are asking about the SPF record for
this zone, go here (here being _spf.example.tld). Redirect is convenient,
in that it allows for a kind of shorthand for very long SPF TXT records, so
as to avoid placing TXT records of large size for every zone file entry for
a given domain, thereby minimizing the cluttering up of the DNS cache with
duplicate data.
On the other hand, I view include serving as an option to request inclusion
of an another domain's zone SPF record to determine final PASS state (e.g.,
example.tld messages also PASS for SPF when PASS for SPF from
otherexample.tld is true - I think that this is also how one handles the
case where a domain owner allows their messages to be sent via an upline
ISP SMTP MTA publishing their own SPF records).
While the above is how we tend to implement here, I am fairly sure that the
spec is a bit more flexible, in that the redirect could be pointed outside
one's domain zone, however, I don't immediately see cases where that should
be done.
Having both redirect and include is convenient, because one could envision
publishing local SPF rules that might expand upon or even conflict with the
rules on the include domain's SPF record. From a domain publisher's view,
that allows for greater granularity on SPF down the road, because should a
conflict exist between the domain's SPF record and the include domain's SPF
record, the fallback position must always be go with the original domain
publisher's intent.
The other case I can think of is when a domain publisher has a local SMTP
MTA they wish to authorize for their domain (their local SPF record covers
this), and also uses their upline ISP's server as a "smarthost" or fail
over server (their include covers this through their ISP's SPF record).
Am I wrong in my usage of redirect and include or my thoughts about same?
At 11:47 AM 5/20/2005, you wrote:
In <200505201928(_dot_)41810(_dot_)bulk(_at_)mehnle(_dot_)net> Julian Mehnle <bulk(_at_)mehnle(_dot_)net>
writes:
> Wayne Schlitt wrote:
.. snip ..
However, to back up a second, Stuart just posted that he thinks that
include and redirect already defined to act the same. I would like to
confirm that you are saying that they don't.
-wayne
Best,
Alan Maitland
WebMaster(_at_)Commerco(_dot_)Net
The Commerce Company - Making Commerce Simple(sm)
http://WWW.Commerco.Com/