Hector,
At 04:36 PM 7/2/2005, you wrote:
> How do you handle or what comment do you have about a domain that has no SPF
> record, however, the MX host for this domain has a SPF record?
> Example:
> mail domain:<xxxxxxx @ no-spf-domain.com >
> No SPF domain for email domain. But if you do a MX lookup, it has
> MX --> mx.host.with-spf.com
> and this mx has a SPF record?
> I am wondering if there is a consideration or it makes sense to have a
> "default MX" SPF lookup for the email domain?
> Comments?
I'm not for this idea because I could see ways this might lead to
abuse or at least a lot of finger pointing. MX records define how to
send a message to a given domain, not necessarily where the domain
sends from (although I would not at all be surprised to learn that,
in a great deal of cases, it is the same SMTP server doing both jobs).
Should such an idea become part of the standard, I would hope that
the best case return would be an inconclusive result rather than an
SPF PASS. It is not all that hard to create and publish an SPF
record for a given domain to accomplish the same result
explicitly. Doing so would always offer the most conclusive answer
to know for sure that the domain holder intended a particular SPF
behavior (e.g., No mail sent from this domain, "v=spf1 -all" vs. go
ahead and use the MX record, "v=spf1 MX -all" - [I think that last
syntax is correct, but I prefer explicit IP addresses to limit the
need to keep checking the DNS server to determine a final SPF result]).
FWIW, Commerco also publishes MX records, but often publishes as
"v=spf1 -all" for many domains because they just don't send outbound
mail. By having the MX, we can avoid certain other problems (e.g.,
postmaster and abuse for a given domain are not available without an
MX record) and rapidly identify when name abuse is taking place.
> In the specific case where I saw this, I don't think the SPF ip addresses
> matched the sender IP address, but it was a relaxed policy. The email
> domain was amidatrust.com
> --
> Hector Santos, Santronics Software, Inc.
> http://www.santronics.com
Best,
Alan Maitland
WebMaster(_at_)Commerco(_dot_)Net
The Commerce Company - Making Commerce Simple(sm)
http://WWW.Commerco.Com/
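
An added illustration, not part of the original message: a small SPF evaluator over constructed in-memory DNS data, showing that a sender domain with no record yields "none" even when its MX host publishes SPF, while the two explicit records quoted above give conclusive results. The domains `no-mail.example` and `uses-mx.example`, the addresses, and the `check_host` helper are assumptions made for the example; only the `ip4`, `mx` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed zone data (documentation addresses), not real DNS answers.
TXT = {
    "mx.host.with-spf.com": "v=spf1 ip4:192.0.2.10 -all",
    "no-mail.example": "v=spf1 -all",
    "uses-mx.example": "v=spf1 MX -all",  # spelled as in the message
}
MX = {
    "no-spf-domain.com": ["mx.host.with-spf.com"],
    "no-mail.example": ["mx.host.with-spf.com"],
    "uses-mx.example": ["mx.host.with-spf.com"],
}
A = {"mx.host.with-spf.com": ["192.0.2.10"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain):
    """Evaluate a subset of SPF (ip4, mx, all) for the sender domain only."""
    terms = TXT.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        # No record on the sender domain: the result is "none". The MX
        # host's own record is never consulted as a default.
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()  # mechanism names are case-insensitive
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            hosts = MX.get(arg or domain, [])
            matched = any(addr == ipaddress.ip_address(a)
                          for h in hosts for a in A.get(h, []))
        else:
            return "permerror"  # mechanism outside this example's subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # record ended without a match
```
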