spf-discuss
[Top] [All Lists]

RE: [spf-discuss] Implicit A (was: Implicit MX)

2007-01-14 22:49:17
Alex van den Bogaerdt wrote on Sunday, January 14, 2007 10:15 PM -0600:

On Sun, Jan 14, 2007 at 09:26:59PM -0600, Seth Goodman wrote:

If I understand you correctly, you are suggesting that implicit
"a" means to imply "+a" for every SPF record.  If so, it would
then be hard to say that a domain sends no mail since the
implied "+a" in

Just like with the implicit MX, there is often no host that has
the identical name as the domain _and_ is authorized to send
mail.


you forgot the part where I said: "... for HELO ...":

This assume the hostname of the outbound relay is identical to the
domain name

No, it isn't.  You keep involving MAIL FROM.  Don't, as this is not
what I have in mind.

I was referring to hostname.  What we seem to disagree on is whether
every domain authorizes a host to HELO using the bare domain name.  That
may be the case for domains with a single machine, but many/most domains
have separate hosts for web server, inbound and outbound relays, all
with distinct hostnames.  The hostname that frequently aliases to the
domain name is the web server, so that both www.example.com and
example.com are usable web addresses.

example.com.       A      192.168.0.1
inbound            A      192.168.0.2
outbound           A      192.168.0.3
www                CNAME  example.com.
                   MX     10  inbound.example.com.

For this setup, the web server sends no mail and the outbound relay
HELO's as outbound.example.com.  The only time a host would HELO as
example.com is if the web server gets rooted.  Unfortunately, the
implicit a: would authorize the web server to send mail, and worse yet,
that causes no problem initially.  This is not something you'd like to
find out about the hard way.

Telling the admin that it's his fault because he didn't RTFM is not
where we want to be.  The absence of surprising side effects is somewhat
more important than saving two characters in the SPF records of _some_
single-host domains.

--
Seth Goodman

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735

<Prev in Thread] Current Thread [Next in Thread>