At 09:57 PM 1/10/2009 -0500, Stuart D. Gathman wrote:
On Sat, 10 Jan 2009, David MacQuigg wrote:
Here is my suggestion for an "all purpose" SPF record, covering both the HELO
and Mail From Identities:
Generally, the HELO domain is different from the MAIL FROM domain, so there
is no conflict.
example.com TXT "v=spf1 mx -all"
mx1.example.com TXT "v=spf1 a -all"
mx2.example.com TXT "v=spf1 a -all"
We need a way to use *one record* for both the MAIL FROM and HELO checks. Very
few domains publish SPF records for each and every HELO name. I don't believe
"evangelism" will ever change that.
For example, google.com's SPF record authorizes 147456 addresses:
+++>>> 3: SPF records
-->3a: v=spf1 include:_netblocks.google.com ~all
64.18.0.0/20 4096
64.233.160.0/19 8192
66.102.0.0/20 4096
66.249.80.0/20 4096
72.14.192.0/18 16384
74.125.0.0/16 65536
207.126.144.0/20 4096
209.85.128.0/17 32768
216.239.32.0/19 8192
Totals: 9 147456
We can't expect them to publish that many SPF records. A better alternative is
to say that an SPF record will apply in a simpler way to HELO names (ignoring
?all and all the troublesome mechanisms that have generated so much opposition).
-- Dave
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com