Thanks for the feedback so far on spf-all.com.
I should have mentioned that there are a few cases not yet handled that
I will be considering:
- use of redirect= to make one domain the same as another
- ending a record with include: to include another record that ends in
-all
There may be other unusual cases that I should consider. This mailing
list is probably a good source of test cases!
I would also like to try to exclude DNS wildcard records from the
statistics as this may skew the results. For example, there is a
*.livejournal.com record that is "v=spf1 -all". In this case I can
query the literal "*.livejournal.com" record and receive the TXT reply;
I could then exclude all subdomains from the statistics. However, this
doesn't consider all cases because there is for example a
"pics.livejournal.com" that is different and has no TXT record at all.
I don't believe there is a reliable way to find out what is a wildcard
and what isn't from a DNS server, though.
I deliberately made the wording on the site optimistic and a bit
simplified. There are certainly a number of conditions required for SPF
-all to succeed - the most obvious is that any receiver must be
checking SPF records in the first place.
Why am I doing this? The first reason is curiosity. The story is that a
friend noticed that his bank uses -all, and I was curious just how many
domains really did take their sender policy seriously. Second, as Ian
mentioned, it exists to help encourage postmasters to use SPF -all
because there are already plenty of domains doing so.
Greg Hewgill
http://hewgill.com
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription:
http://v2.listbox.com/member/?member_id=2183229&id_secret=74264871-999af6
Powered by Listbox: http://www.listbox.com