spf-discuss

Re: [spf-discuss] Implicit MX (was: Another test case for the test suite...)

2007-01-14 17:31:58
On Sun, Jan 14, 2007 at 06:19:03PM -0600, Seth Goodman wrote:
> Alex van den Bogaerdt wrote on Sunday, January 14, 2007 1:47 PM -0600:
>
> > Erm, no, what I mean by "implicit 'a'" is the following:
> >
> > "v=spf1 a ?all"
> >
> > A host with an IP address that resolves to "mailhost.example.com" is
> > implicitly allowed to say "HELO mailhost.example.com".  A host with
> > a different IP address is NOT forbidden to use the name by default
> > (in other words: ?all, not -all).
>
> If I understand you correctly, you are suggesting that implicit "a"
> means to imply "+a" for every SPF record.  If so, it would then be
> hard to say that a domain sends no mail since the implied "+a" in
>
> Just like with the implicit MX, there is often no host that has the
> identical name as the domain _and_ is authorized to send mail.

You forgot the part where I said: "... for HELO ...":

> Alex van den Bogaerdt wrote on Sunday, January 14, 2007 12:56 PM -0600:
> > The only default that (IMHO) makes sense is "a" for HELO verification.


You could say that I am opposed to any implicit mechanisms, but if there
has to be one, it only makes sense for HELO.

An implicit "+a" for MAIL FROM would be extremely bad.  Suppose we have:

www.example.com.  A   192.0.2.1
(or:  www.example.com CNAME example.com.)
example.com.      A   192.0.2.1
example.com.      MX  0 192.0.2.2

The web server on 192.0.2.1, more specifically its insecure forms, should
not implicitly be allowed to send mail for "example.com".

The host named example.com is allowed to say "HELO example.com", no problem.
It's its name after all.

cheers
Alex
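
Added example, not part of the original message: a small offline evaluator that applies the default record "v=spf1 a ?all" from the message either to HELO only or to MAIL FROM as well, using the A records quoted above as constructed zone data. The `implicit_for` parameter and the evaluator itself are illustrative assumptions, not any SPF library's API, and only the `a`, `ip4` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed zone data mirroring the A records in the message (no live DNS).
ZONE_A = {
    "example.com": ["192.0.2.1"],
    "www.example.com": ["192.0.2.1"],
}
IMPLICIT = "v=spf1 a ?all"  # the default record quoted in the message
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, record):
    """Evaluate a subset of SPF (a, a:<name>, ip4:<net>, all) for one client IP."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term[1:] if term[0] in RESULT else term
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name == "a":
            hosts = ZONE_A.get(arg or domain, [])
            matched = any(addr == ipaddress.ip_address(h) for h in hosts)
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        else:
            continue  # mechanisms outside this sketch are skipped
        if matched:
            return RESULT[qualifier]
    return "neutral"


def evaluate(ip, domain, identity, published=None, implicit_for=()):
    """identity is "helo" or "mailfrom". implicit_for (hypothetical knob) lists
    the identities that get the default record when the domain publishes none."""
    if published is not None:
        return check_host(ip, domain, published)
    if identity in implicit_for:
        return check_host(ip, domain, IMPLICIT)
    return "none"
```

With the default applied to MAIL FROM, the web server at 192.0.2.1 gets "pass" for mail claiming to be from example.com; restricted to HELO, the same host only passes for its own name and MAIL FROM stays "none".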
