Rene Barbier wrote on Wednesday, January 24, 2007 2:02 AM -0600:
> FWIW, and from outside comcast's network, here is a list of
> comcast.net servers we received mail from during the last 12
> months. It's slightly broader than what you have.

Guy could cast a broader net and list several /24 ranges, if he doesn't mind
designating a bunch of other nearby machines in the Comcast network.

Otherwise, the naming pattern seems to use four base names with two digits, the
first digit being either 1 or 2. This produces eighty combinations that a
script must query for A records often enough to notice changes and correct your
SPF record. Even if the script were smart enough to combine the IPs into CIDR
ranges where possible, the list given by Rene would almost certainly go over
the boundary of one UDP packet. Another possibility is to write a script to
periodically send mail to yourself and look for new outbound MTAs. This list
would be shorter, though every user would have to map it themselves.

I notice that spot checking the IPs from Rene's list shows somewhat different
IP assignments from what they were in Rene's post. The arrangement seems to
have some order, though they are not CIDR ranges. This is a real use case for
what I suggested in the thread on an alternate notation for contiguous
addresses that do not map to CIDR ranges. Though it was suggested in that
thread that CIDR ranges are adequate to produce short SPF records, that is
certainly not the case here and I don't think it will be the case for a number
of organizations. The fact that they shuffle the IPs occasionally makes it
problematic to tell Comcast that if they wanted to publish a reasonable SPF
record, they need to change their IP naming regime. While that is certainly
feasible, it's one more hurdle that can be avoided by the addition of an
alternate IP range notation to the SPF record syntax.

--
Seth Goodman
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
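
The CIDR-combining script discussed in the message above, sketched as an added example (not code from the post or from the SPF project): it covers contiguous address runs with CIDR blocks, builds the `ip4:` mechanisms, and compares the record text with the DNS UDP limit. All addresses are constructed from documentation ranges, and the 512-byte figure is the classic DNS-over-UDP message limit from RFC 1035, which the post does not state.

```python
import ipaddress

DNS_UDP_LIMIT = 512  # classic DNS-over-UDP message size (RFC 1035); not from the post


def ranges_to_cidrs(ranges):
    """Cover each inclusive (first, last) IPv4 run with the fewest CIDR blocks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    # Merge blocks from different runs that happen to be adjacent and aligned.
    return list(ipaddress.collapse_addresses(nets))


def spf_record(nets):
    """Build SPF TXT content: bare address for a /32, network/length otherwise."""
    terms = [f"ip4:{n.network_address}" if n.prefixlen == 32 else f"ip4:{n}"
             for n in nets]
    return " ".join(["v=spf1", *terms, "-all"])


def exceeds_udp(record):
    """True if the record text alone is already larger than one UDP DNS message.
    The real response also carries a header and the question section."""
    return len(record.encode("ascii")) > DNS_UDP_LIMIT


# Constructed sample 1: a contiguous run of 20 hosts that is not CIDR-aligned.
UNALIGNED_RUN = [("192.0.2.5", "192.0.2.24")]
# Constructed sample 2: an aligned run of 16 hosts.
ALIGNED_RUN = [("192.0.2.16", "192.0.2.31")]
# Constructed sample 3: eighty scattered hosts, none adjacent to another.
SCATTERED = [(f"198.51.100.{3 * i}", f"198.51.100.{3 * i}") for i in range(80)]

if __name__ == "__main__":
    for label, sample in [("unaligned run", UNALIGNED_RUN),
                          ("aligned run", ALIGNED_RUN),
                          ("80 scattered hosts", SCATTERED)]:
        nets = ranges_to_cidrs(sample)
        rec = spf_record(nets)
        print(f"{label}: {len(nets)} mechanisms, {len(rec)} bytes, "
              f"over UDP limit: {exceeds_udp(rec)}")
```

The 20-address run needs five `ip4:` mechanisms while the aligned 16-address run needs one, which is the gap between contiguous ranges and CIDR ranges that the message describes.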