[Top] [All Lists]

[spf-discuss] Re: SPF -all domain survey

2007-12-10 13:40:29
Greg Hewgill wrote:

I will be considering:
- use of redirect= to make one domain the same as another


- ending a record with include: to include another record
  that ends in -all

Skip that test, "including" a "-all" policy only results in
"no match" for the include, it won't return a FAIL.  This
include business is only for matching, i.e. to see if the
included IPs would PASS if used directly.  After that the
"including" policy could still say that those IPs are only
NEUTRAL, you could have ?include:dubious.isp.example etc.)

I would also like to try to exclude DNS wildcard records
from the statistics as this may skew the results.

ACK, stay away from foo.claranet.de, that's covered by a
wildcard with a redirect= to a FAIL policy.

I could then exclude all subdomains from the statistics.

AFAIK that's not how wildcards work, there can be real
whatever.livejournal.com not covered by their wildcard.
Example, pop.claranet.de has no SPF policy, unlike foo,
bar, www, or xyzzy.claranet.de.

I don't believe there is a reliable way to find out
what is a wildcard and what isn't from a DNS server

Maybe you can ask for the policy of *.claranet.de, if
it's the same as for foo.claranet.de don't count it (?)

And then pop.claranet.de clearly counts as "no SPF", it
is very different from *.claranet.de (better check it).

If you find a better solution for the wildard issue
please tell us how this works, I'm always curious. :-)


Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: 
Powered by Listbox: http://www.listbox.com