spf-discuss

Re: [spf-discuss] Question on a unified policy record approach

2005-09-06 04:10:27
On Tue, Sep 06, 2005 at 12:19:23PM +0200, Alex van den Bogaerdt wrote:
On Tue, Sep 06, 2005 at 11:09:38AM +0100, paddy wrote:

Indeed, an SPF record does help here.

don't understand.

If the server's IP addresses are 10.1.0.1, 10.2.0.2, 10.3.0.3, and
if each interface has a different name, this server could send out
mail using its primary name (for instance, the one belonging to
10.1.0.1) on any of its interfaces.

the spf record for example.org will be in the example.org zone file.
the ptr for an ip would be under different administrative control.

So?  SPF works with the email domain, not with the interface names.

The email domain "example.org" has an SPF record:
example.org TXT "v=spf1 ip4:10.1.0.1 ip4:10.2.0.2 ip4:10.3.0.3 -all"

If you receive mail from "any@example.org", this mail should come
from 10.1.0.1, 10.2.0.2 or 10.3.0.3 and nowhere else.  You never
have to lookup a hostname (when using this record).  All you do is
query DNS for the spf record belonging to "example.org" when you
receive the "MAIL FROM: <any@example.org>" command.

granted, but it does not replace the check of a ptr which has potential
to curb forgery the other way around.  In fact, I can't really see why
this is any different from trying to say that spf could mitigate 
sending mail from distinct servers server{0,1,...}.example.org all
as 'EHLO example.org'.  Does EHLO example.org buy something that
EHLO server0.example.org does not ?

Is there a reason why the PTRs for 10.{1,2,3}.0.1 could or should not
all resolve to a single name ?

Regards,
Paddy
-- 
Perl 6 will give you the big knob. -- Larry Wall

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
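
The check described in the quoted text above (the record is selected by the MAIL FROM domain and compared with the connecting IP, with no hostname lookup), as an added example that is not part of the original thread. The function names are hypothetical, the record is passed in as a string instead of being fetched from DNS, and only the `ip4` and `all` terms are handled, generalised to qualifiers and CIDR ranges.

```python
import ipaddress

# Record quoted in the message above; supplied as a string instead of a DNS
# TXT lookup (assumption, so the example runs offline).
EXAMPLE_ORG_SPF = "v=spf1 ip4:10.1.0.1 ip4:10.2.0.2 ip4:10.3.0.3 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, client_ip):
    """Evaluate the ip4/all subset of an SPF record for one connecting IP.

    Hypothetical helper: any other term (a, mx, include, ...) needs DNS and
    raises ValueError here.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4":
            # strict=False accepts "10.1.0.0/16" as well as a single address
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
            continue
        raise ValueError(f"term not covered by this example: {term!r}")
    return "neutral"  # nothing matched and the record has no `all` term


def check_mail_from(mail_from, client_ip, records):
    """Select the record by MAIL FROM domain only; HELO and PTR names are never consulted."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    return "none" if record is None else evaluate_spf(record, client_ip)


if __name__ == "__main__":
    records = {"example.org": EXAMPLE_ORG_SPF}  # constructed stand-in for DNS
    for ip in ("10.1.0.1", "10.3.0.3", "192.0.2.25"):  # constructed client IPs
        print(ip, check_mail_from("any@example.org", ip, records))
```
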
