Re: [spf-discuss] SPF -all domain survey

2007-12-10 11:45:56
Thanks for the feedback so far on spf-all.com.

I should have mentioned that there are a few cases not yet handled that
I will be considering:

- use of redirect= to make one domain the same as another
- ending a record with include: to include another record that ends in

There may be other unusual cases that I should consider. This mailing
list is probably a good source of test cases!

I would also like to try to exclude DNS wildcard records from the
statistics as this may skew the results. For example, there is a
*.livejournal.com record that is "v=spf1 -all". In this case I can
query the literal "*.livejournal.com" record and receive the TXT reply;
I could then exclude all subdomains from the statistics.  However, this
doesn't consider all cases because there is for example a
"pics.livejournal.com" that is different and has no TXT record at all.
I don't believe there is a reliable way to find out what is a wildcard
and what isn't from a DNS server, though.

I deliberately made the wording on the site optimistic and a bit
simplified. There are certainly a number of conditions required for SPF
-all to succeed - the most obvious is that any receiver must be
checking SPF records in the first place.

Why am I doing this? The first reason is curiosity. The story is that a
friend noticed that his bank uses -all, and I was curious just how many
domains really did take their sender policy seriously. Second, as Ian
mentioned, it exists to help encourage postmasters to use SPF -all
because there are already plenty of domains doing so.

Greg Hewgill
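
Added example, not part of the original message and not code from spf-all.com: one way a survey could resolve a record's effective catch-all by following redirect=, flag a trailing include: for separate counting, and apply the literal "*.parent" comparison described above. The function names and every record in ZONE except the *.livejournal.com value are constructed for illustration, and a real survey would replace lookup_txt with DNS queries.

```python
# Constructed TXT answers standing in for DNS; only the *.livejournal.com
# value and the pics.livejournal.com case come from the post.
ZONE = {
    "*.livejournal.com": "v=spf1 -all",
    "user.livejournal.com": "v=spf1 -all",  # what a resolver synthesizes from the wildcard
    "pics.livejournal.com": None,           # name exists, no TXT record
    "a.example": "v=spf1 redirect=b.example",
    "b.example": "v=spf1 mx -all",
    "c.example": "v=spf1 a include:b.example",
    "loop.example": "v=spf1 redirect=loop.example",
}

def lookup_txt(name):
    return ZONE.get(name.lower())

def terminal_policy(domain, lookup=lookup_txt, depth=0):
    """Return (policy, note) for the record's effective catch-all."""
    if depth > 10:  # SPF caps DNS-querying terms at 10; this also stops loops
        return ("error", "redirect limit exceeded")
    terms = (lookup(domain) or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", "no SPF record")
    redirect = None
    for term in terms[1:]:
        low = term.lower()
        if low.lstrip("+-~?") == "all":
            qualifier = low[0] if low[0] in "+-~?" else "+"
            return (qualifier + "all", "via redirect" if depth else "direct")
        if low.startswith("redirect="):
            redirect = term.split("=", 1)[1]
    if redirect:  # only consulted when no "all" mechanism is present
        return terminal_policy(redirect, lookup, depth + 1)
    if terms[-1].lower().startswith("include:"):
        # include matches only on a pass from the target, so the target's
        # -all is not inherited; flag the record for separate counting.
        return ("?all", "trailing " + terms[-1])
    return ("?all", "default neutral")

def looks_like_wildcard(name, lookup=lookup_txt):
    """Heuristic from the post: the name's TXT equals the literal '*.parent' TXT.
    An explicit record with identical text is indistinguishable."""
    wild = lookup("*." + name.split(".", 1)[-1])
    return wild is not None and lookup(name) == wild
```
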

