-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Richard Parker wrote:
On Aug 9, 2005, at 5:42 AM, Scott Kitterman wrote:
First, and without delay, change ptr:cox.net to ?ptr:cox.net. That will
achieve the goal of matching something before the all without giving
all the
zombies a pass.
On Aug 9, 2005, at 7:07 AM, Stuart D. Gathman wrote:
Because he sometimes sends mail through those ISPs. What is probably
better
practice in that situation is the following:
1) TXT electrophobia.com:
"v=spf1 ?ptr:cox.net include:dsis.net include:easydns.com -all"
In fact, any ISP you include that does not actively prevent
cross-customer forgery should be NEUTRAL.
Yes, in fact I used to be using the exact record that Scott and Stuart
recommend. Unfortunately I received an unacceptably high number of
mail rejections from people who appear to implement a policy of "reject
mail if SPF record exists and it doesn't return PASS". So my choice
was an overly permissive SPF record, no SPF record, or mail
rejections. I chose door number 1. I suppose I could have kept my
record the same and tried to track down and personally contact via
another e-mail address all of those who were implementing that broken
policy, but I'm not dedicated to my use of SPF enough to do that.
I would say that this is the #1 reason for us to discourage the use of
?all records. People being people, the receivers will adapt to the
perceived reality of what the modifiers mean rather that the "book"
version of what they are supposed to mean.
With AOL and other frequently forged domains publishing ?all rather than
~all or -all the real meaning of '?' goes from neutral to forged in a hurry.
- --
Daniel Taylor VP Operations Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com http://www.vocalabs.com/
(952)941-6580x203
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC+QS78/QSptFdBtURArJZAJ9kghQAxYgauB/99Nr6cQ0bpkM/+ACfegTX
7dnZqD0fWnJdoX1CVBQ1l2I=
=sSmg
-----END PGP SIGNATURE-----