spf-discuss
[Top] [All Lists]

Re: [spf-discuss] SPF on HELO - take 2

2009-01-11 07:04:13
At 09:57 PM 1/10/2009 -0500, Stuart D. Gathman wrote:

On Sat, 10 Jan 2009, David MacQuigg wrote:

Here is my suggestion for an "all purpose" SPF record, covering both the HELO
and Mail From Identities:

Generally, the HELO domain is different from the MAIL FROM domain, so there
is no conflict.

example.com             TXT "v=spf1 mx -all"
mx1.example.com         TXT "v=spf1 a -all"
mx2.example.com         TXT "v=spf1 a -all"

We need a way to use *one record* for both the MAIL FROM and HELO checks.  Very 
few domains publish SPF records for each and every HELO name.  I don't believe 
"evangelism" will ever change that.

For example, google.com's SPF record authorizes 147456 addresses:

+++>>> 3: SPF records
-->3a: v=spf1 include:_netblocks.google.com ~all
64.18.0.0/20           4096
64.233.160.0/19        8192
66.102.0.0/20          4096
66.249.80.0/20         4096
72.14.192.0/18        16384
74.125.0.0/16         65536
207.126.144.0/20       4096
209.85.128.0/17       32768
216.239.32.0/19        8192
        Totals:   9  147456

We can't expect them to publish that many SPF records.  A better alternative is 
to say that an SPF record will apply in a simpler way to HELO names (ignoring 
?all and all the troublesome mechanisms that have generated so much opposition).

-- Dave 





-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com