I noticed that the wizard on the SPF home page, the one to help admins
create their record, uses ~all instead of -all, even if the user selects
that the records does identify all legitimate outbound hosts. Am I the only
one who thinks it should append -all when that selection is made?
People new to SPF, me for example, have a hard time figuring out the
specifics of SPF at first and the wizard asking such a question only to use
softfail on the all doesn't help. There appears to be no page on the
spf.pobox.com web site which simply outlines the syntax of SPF records and
nothing on the wizard page explains the differences between ? ~ and -. It
seems as if one must read the lengthy Internet-Draft just to get the basics.
I think the wizard on the pobox web site should be modified as follows:
1. Selecting Yes to "Do the above lines describe all the hosts..." should
append a hardfail.
2. The wizard should allow users to specify good as well as neutral,
softfail and hardfail hosts. Most of those would probably not be used but
it would tip off the user as to the differences in defined hosts as well as
make it obvious that you can, for example, hardfail specific hosts
I'd also like to recommend that SPF consider dumping the "ptr" option as
anyone with access to their netblock DNS could establish any ptr they like.
For example, I could set up the ptr "mx.aol.com" for anyone of my IPs and if
the AOL SPF record includes ptr, connections from my host would pass the SPF
test.
Please note I'm willing to back my suggestion. If those who run the pobox
web site agree but don't have the time, I'm more then willing to throw
together a "SPF Syntax and Explainations" web page as well as I'm willing to
redo the wizard.
-Gaven
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com