spf-discuss

Re: non-SPF domains with MX SPF domains

2005-07-02 16:48:27
Hector,

At 04:36 PM 7/2/2005, you wrote:
> How do you handle or what comment do you have about a domain that has no SPF
> record, however, the MX host for this domain has a SPF record?
>
> Example:
>
>      mail domain:<xxxxxxx @ no-spf-domain.com >
>
> No SPF domain for email domain.  But if you do a MX lookup, it has
>
>         MX -->  mx.host.with-spf.com
>
> and this mx has a SPF record?
>
> I am wondering if there is a consideration or it makes sense to have a
> "default MX" SPF lookup for the email domain?
>
> Comments?

I'm not for this idea because I could see ways this might lead to abuse or at least a lot of finger pointing. MX records define how to send a message to a given domain, not necessarily where the domain sends from (although I would not at all be surprised to learn that, in a great deal of cases, it is the same SMTP server doing both jobs).

Should such an idea become part of the standard, I would hope that the best case return would be an inconclusive result rather than an SPF PASS. It is not all that hard to create and publish an SPF record for a given domain to accomplish the same result explicitly. Doing so would always offer the most conclusive answer to know for sure that the domain holder intended a particular SPF behavior (e.g., No mail sent from this domain, "v=spf1 -all" vs. go ahead and use the MX record, "v=spf1 MX -all" - [I think that last syntax is correct, but I prefer explicit IP addresses to limit the need to keep checking the DNS server to determine a final SPF result]).

FWIW, Commerco also publishes MX records, but often publishes as "v=spf1 -all" for many domains because they just don't send outbound mail. By having the MX, we can avoid certain other problems (e.g., postmaster and abuse for a given domain are not available without an MX record) and rapidly identify when name abuse is taking place.

> In the specific case where I saw this, I don't think the SPF ip addresses
> matched the sender IP address, but it was a relaxed policy. The email
> domain was amidatrust.com
>
> --
> Hector Santos, Santronics Software, Inc.
> http://www.santronics.com

Best,

Alan Maitland
WebMaster(_at_)Commerco(_dot_)Net
The Commerce Company - Making Commerce Simple(sm)
http://WWW.Commerco.Com/
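
The distinction discussed in this message, as an added example that is not part of the original post: a simplified SPF check (only the `all`, `a`, `mx` and `ip4` mechanisms) run against a constructed zone, showing that a domain without its own record evaluates to `none` even when its MX host publishes SPF, while the explicit records quoted above give a definite answer. The `.example` names, the documentation addresses and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed DNS data (reserved .example names and documentation addresses).
ZONE = {
    "no-spf.example":    {"MX": ["mx.hoster.example"]},  # no SPF of its own
    "mx.hoster.example": {"A": ["192.0.2.10"], "TXT": ["v=spf1 a -all"]},
    "parked.example":    {"MX": ["mx.hoster.example"], "TXT": ["v=spf1 -all"]},
    "sender.example":    {"MX": ["mx.hoster.example"], "TXT": ["v=spf1 MX -all"]},
    "pinned.example":    {"MX": ["mx.hoster.example"],
                          "TXT": ["v=spf1 ip4:192.0.2.10 -all"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    """Return the constructed records of one type for a name (empty if none)."""
    return ZONE.get(name.lower(), {}).get(rtype, [])

def matches(term, ip, domain):
    """True if one mechanism (qualifier already stripped) matches the sender IP."""
    name, _, arg = term.partition(":")
    name = name.lower()  # mechanism names are case-insensitive
    if name == "all":
        return True
    if name == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if name == "a":
        return str(ip) in lookup(arg or domain, "A")
    if name == "mx":
        # Resolve the domain's MX hosts, then compare against their addresses.
        return any(str(ip) in lookup(h, "A") for h in lookup(arg or domain, "MX"))
    raise ValueError("unsupported term: " + term)

def check_host(ip, domain):
    """Evaluate the sender IP against the SPF record of the mail domain only."""
    records = [t for t in lookup(domain, "TXT")
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"  # no policy published; the MX host's record is not consulted
    if len(records) > 1:
        return "permerror"
    ip = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        try:
            if matches(term.lstrip("+-~?"), ip, domain):
                return QUALIFIERS[qualifier]
        except ValueError:
            return "permerror"
    return "neutral"  # no mechanism matched
```
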