spf-discuss

Re: non-SPF domains with MX SPF domains

2005-07-02 22:35:02

----- Original Message -----
From: "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com>

No SPF domain for email domain.  But if you do a MX lookup, it has

        MX -->  mx.host.with-spf.com

and this mx has a SPF record?

The mail domain still doesn't have an SPF record.

Sorry, I did not state it correctly.   I didn't mean the full MX host name,
but the main domain part.

Here are the specifics:

In the IETF-SMTP forum, one of the guys I have been exchanging mail with has
an email address with the domain amidatrust.com.  This domain doesn't have
an SPF record.

A MX lookup shows:

    MX preference = 5,
    mail exchanger = ismtp.easyspace.everyone.net

The domain everyone.net has a SPF record:

    v=spf1 include:sitespf.everyone.net ?all

and for sitespf.everyone.net

    v=spf1 ip4:216.200.145.0/26 ip4:208.184.100.0/26
                ptr:outmx.everyone.net  ?all

So what I wanted to see is if the sender IP address matched the SPF record for
the main domain of the MX record.

One of the sessions had

     IP 212.23.3.140
     HELO  pythagoras.zen.co.uk
     MAIL FROM: <his-address @ amidatrust.com>

The HELO matched this IP address and this HELO domain did not

So what I was wondering is A) what does this mean?  What kind of setup or type
of user he is, B) find if there could be any correlation or logical reason
that this can be done or reason why it can't be done.

The 'mx' mechanism in SPF is intended for the common case where the same
host is used for both.  But it doesn't make sense to make that assumption
in the absence of an SPF record.

Right. I was just winging it to see if there some logical correlation to be
made here borrowing concepts from my fidonet days.

I guess the "isp" protected itself, for the company email domain,
"everyone.net" but not his hosted domains since they are not sending mail
for them.

In the old fidonet days, the "Net Host"  (ISP) was responsible for all the
"nodes" (domain) in his area.  With Fidonet, you got your own address once
the net host tested your machine for minimum compliance.

It would be like today's Internet ISP saying:

        "ok, you brought a domain and IP addresses for your setup.
          I need to test your machine to make sure it complies with
          the new security SPF policy especially since you want
          us to host your email domain."

Once the fidonet net host tested your machine, your address was published in
the nodelist (like DNS).  A node could be setup to never receive mail
"directly" (private system) but the rules were that you must allow routed
mail thru the net host.

So this is basically the same thing where you are sending mail through the
MX host only and the host will relay it to the final destination (node).

However the MX host is not taking responsibility for the customer's email
domain outbound activity.

What if the email domain turned out to be malicious? Does the ISP have some
responsibility here?

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
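
The check described in the message above, worked through offline as an added example that is not part of the original post or of any SPF library: it evaluates the two everyone.net records quoted in the message against a sender IP. The names `check_host`, `RECORDS` and `ptr_names` are assumptions of this sketch, and validated reverse-DNS names are passed in by the caller instead of being looked up.

```python
import ipaddress

# SPF records quoted in the post, keyed by domain (no live DNS is used).
RECORDS = {
    "everyone.net": "v=spf1 include:sitespf.everyone.net ?all",
    "sitespf.everyone.net": "v=spf1 ip4:216.200.145.0/26 ip4:208.184.100.0/26 "
                            "ptr:outmx.everyone.net ?all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, records=RECORDS, ptr_names=(), depth=0):
    """Evaluate the ip4, ptr, include and all mechanisms of `domain` for `ip`."""
    if depth > 10:                        # bound include recursion
        return "permerror"
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                     # e.g. amidatrust.com in the post
    addr = ipaddress.ip_address(ip)
    # Assumption: ptr_names are already-validated reverse names for `ip`.
    names = [n.lower().rstrip(".") for n in ptr_names]
    for term in record.split()[1:]:
        qualifier = "+"                   # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "ptr":
            target = (arg or domain).lower().rstrip(".")
            matched = any(n == target or n.endswith("." + target) for n in names)
        elif name == "include":
            inner = check_host(ip, arg, records, ptr_names, depth + 1)
            if inner == "none":
                return "permerror"        # include target has no record
            matched = inner == "pass"     # only a pass counts as a match
        else:
            return "permerror"            # mechanism outside this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"
```

With the session from the message (IP 212.23.3.140, and the HELO name assumed as its reverse name), the everyone.net policy gives `neutral` through `?all`, while the mail domain itself gives `none`.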