David MacQuigg wrote:
I can't think of any example where the MSA and Transmitter
would be in separate ADMDs.
I can, it's onee reason why I don't like the ADMD abstraction,
it's too fine grained. For the overall picture MON is better,
how it's organized internally in ADMDs is often irrelevant -
as long as you know that there *could* be differents ADMDs.
So for SPF we need to know that there can be relays "behind"
the MSA still belonging to the MON. And there can be also
different MSAs (e.g. internal RADIUS vs. roaming AUTH users).
Permitting them all in a sender policy is okay, listing only
"mailout" border MTAs is okay, but forgetting a rarely used
border MTA can be fatal. To what ADMD they belong is less
interesting. Webmail could be outsourced, or DKIM signing,
or outgoing AV checks. If the MSAs support RFC 4409 6.1 an
MTA "behind" the MSA (still in the MON) can report errors
to the originator, otherwise I don't understand the setup ;-)
Even an MSA will have an MX record, if Senders are expected
to reach it from a remote location.
Roaming users can copy the relevant MSA names from an internal
page of their ISP when they configure their laptops or other
mobile devices, a query=mx won't help them to get this right.
Frank
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription:
http://v2.listbox.com/member/?member_id=2183229&id_secret=87330604-983de2
Powered by Listbox: http://www.listbox.com