At 06:56 PM 1/27/2007 -0500, John A. Martin wrote:
>>>>> "David" == David MacQuigg
>>>>> "Re: SPF basics commentary"
>>>>> (Sat, 27 Jan 2007 14:00:56 -0700)
David> For most SPF records, the HELO and Return Address
David> authorizations should be one and the same.
Does that mean that the domain part of the address given in the MAIL
FROM should be the same as the FQDN used in the HELO command?
No, just that the mailfrom domain match the last few parts of the hostname
in the HELO command. This still leaves a little confusion as to how many
parts to include when we look at a HELO name like mx1.example.co.uk. (We
haven't seen the MAIL FROM command yet.) What we do is start by looking up
the record for co.uk:
$ dig txt co.uk.s-id.net +short
"opt=IDlevel:3"
This tells us that records in this domain are kept at level 3. A second
query then produces the desired result:
$ dig txt example.co.uk.s-id.net +short
"svc=S1:A,M2:A,H1:B ip4=192.168.0.0/24"
This domain has ratings from three reputation services, and is authorized
to transmit from one block of IP addresses.
-- Dave
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?list_id=735