spf-discuss

[spf-discuss] Re: Current spf record for comcast.net?

2007-02-10 04:19:50

James Welcher wrote:
> My problem is that I don't want to allow a wide comcast.net CIDR block
> to be able to spoof my domains.
>
> It seems really problematic also to include 40 hosts via the a: syntax
> in the TXT record. I'm using DJB's tinydns and it has some issues with
> long TXT fields. It splits them over 127 characters (although
> according to the spec, most clients should be able to reconstruct),
> but over a certain length approaching the 512 byte limit of UDP DNS
> packets, tinydns can't provide this data because DNS uses TCP for
> bigger records.
>
> Regardless... I'm trying to find a way to use SPF to add a list of
> arbitrary hosts without having to list them all individually, but
> without adding in monster CIDR block ranges.

There are two other solutions besides the one you described:

 1. Publish A records for their servers' IP addresses:
      91.225.127.204.comcast.spf.yourdomain.com.  IN  A  127.0.0.1
       51.177.18.206.comcast.spf.yourdomain.com.  IN  A  127.0.0.1
      ...
    and then say "exists:%{ir}.comcast.spf.%{d}" or something in your SPF
    record.  (This may not be more maintainable than your MX solution, but
    it is more general and allows for large, arbitrary sets of IP
    addresses.)

 2. If you're a Comcast customer, contact them and tell them that you'd
    like them to publish an SPF record (and keep it up to date).  Then
    "include:" that SPF record as soon as they publish it.

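Added example, not part of the original message: a Python sketch of how the `exists:%{ir}.comcast.spf.%{d}` term from option 1 expands for a given sender and how the per-IP A records can be generated from an allow-list. The function names, the in-memory set standing in for DNS, and the rejected test address are assumptions; the two authorized IPs are the ones implied by the A records in the message, and only the `i`, `d` and `r` parts of SPF macro syntax are handled, for IPv4.

```python
import ipaddress
import re

# Subset of SPF macro expansion (RFC 7208 section 7): %{i}, %{d} and the
# "r" (reverse) transformer, which is all the exists: term above needs.
_MACRO = re.compile(r"%\{([id])(r?)\}")

SPEC = "%{ir}.comcast.spf.%{d}"      # domain-spec from the message
DOMAIN = "yourdomain.com"            # placeholder domain from the message
# Sender IPs implied by the two A records in the message (labels reversed).
AUTHORIZED = ["204.127.225.91", "206.18.177.51"]


def expand(spec, ip, domain):
    """Expand %{i}/%{ir}/%{d}/%{dr} for an IPv4 sender and the checked domain."""
    values = {
        "i": str(ipaddress.IPv4Address(ip)),   # raises ValueError on bad input
        "d": domain.rstrip(".").lower(),
    }

    def substitute(match):
        labels = values[match.group(1)].split(".")
        if match.group(2):                     # "r": reverse the dotted labels
            labels.reverse()
        return ".".join(labels)

    return _MACRO.sub(substitute, spec)


def zone_lines(ips, spec, domain):
    """One A record per authorized IP, in the layout used in the message."""
    return [f"{expand(spec, ip, domain)}.  IN  A  127.0.0.1" for ip in ips]


def exists_match(spec, ip, domain, published_names):
    """exists: matches when the expanded name resolves to any A record.

    published_names is a set of owner names standing in for a DNS lookup.
    """
    return expand(spec, ip, domain) in published_names


if __name__ == "__main__":
    for line in zone_lines(AUTHORIZED, SPEC, DOMAIN):
        print(line)
    published = {expand(SPEC, ip, DOMAIN) for ip in AUTHORIZED}
    # 192.0.2.10 is a constructed documentation address, not on the list.
    for sender in ["204.127.225.91", "192.0.2.10"]:
        print(sender, "match" if exists_match(SPEC, sender, DOMAIN, published) else "no match")
```

Because each authorized address is its own small A record, the TXT record stays a single short `exists:` term regardless of how many hosts are listed, which sidesteps the long-TXT and 512-byte concerns raised in the quoted question.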

