-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alex van den Bogaerdt wrote:
Would anyone know why google would say the following?
<quote class="wrong">Publishing an SPF record that lacks
include:aspmx.googlemail.com or specifying -all instead of ~all may
result in delivery problems.</quote>
Note: they say "~all" is good, "-all" is not.
I found this here:
http://www.google.com/support/a/bin/answer.py?hl=en&answer=33786
Interesting. I understand why they advise the inclusion of the
"aspmx.googlemail.com" SPF policy (I applaud Google for providing it!),
but recommending "~all" over "-all" is a bad idea. We actually need
domains to switch to "-all" (and receivers to whitelist whatever few
forwarders they may have).
What really makes me wonder, though, is this wording from the above URL:
| [SPF] records allow domain owners to specify which hosts are permitted
| to send email on behalf of their domains, making it hard to forge From:
| addresses.
There's no way to protect the "From:" address via SPF, not even via Sender
ID / PRA.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHa8xQwL7PKlBZWjsRAn7HAKC7G4Dnag24xuqJaVVuqhnIM6xBJACfcUMy
QsKup1QHr74krX8PCuejWM0=
=+nTM
-----END PGP SIGNATURE-----
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription:
http://v2.listbox.com/member/?member_id=2183229&id_secret=78382947-23b158
Powered by Listbox: http://www.listbox.com