spf-discuss
[Top] [All Lists]

Re: Sending mail from dynamic IP-addresses with dynamic PTR hostnames, but constant EHLO/HELO hostnames

2005-07-10 15:55:33
On 25/05/05, Julian Mehnle <bulk(_at_)mehnle(_dot_)net> wrote:
Constantine A. Murenin wrote:
What about macros with "h = HELO/EHLO domain"? How could I set it to test
if the HELO/EHLO domain resolves to an ip-address of the connected
client, along with the testing that the domain is in the example.name
zone?

The problem with the %{h} macro is that the HELO/EHLO domain is not
_guaranteed_ to be verified.  The SPF specification recommends that
implementations check the HELO domain, too, but it isn't mandated for
historical reasons.

Well, I don't care that some (mostly win32) admins don't maintain
proper helo/ehlo domains -- I do maintain such domains, and so do most
proper-lazy admins. :-)

Are you suggesting that the following isn't going to work for me? 

--- begin DNS example---

example.ru. IN TXT "v=spf1 a a:%{h}.a.spf.example.ru -all"

; The following is for my home machine on Sprint DSL with dynamic IP-address.
; I could have just used 'a:home.example.name' for the same SPF result, but 
; I don't want to reveal the IP-address and/or the domain name of my
home system.
;
home.example.name.a.spf.example.ru. IN CNAME home.example.name.
home.example.name. IN CNAME example.dyndns.org.
example.dyndns.org. IN A 71.0.xx.xxx

; do I need this for caching purposes? 
example.ru.a.spf.example.ru. IN CNAME example.ru.

--- end DNS example---


If this /is/ going to work, do I need to put any extra catch-all
entries to utilise caching? Or do I need the last record
"example.ru.a.spf.example.ru. IN CNAME example.ru."?

Thanks,
Constantine.


<Prev in Thread] Current Thread [Next in Thread>
  • Re: Sending mail from dynamic IP-addresses with dynamic PTR hostnames, but constant EHLO/HELO hostnames, Constantine A. Murenin <=