spf-discuss

Re: [spf-discuss] SPF on HELO - take 2

2009-01-12 12:07:29
On Sun, 11 Jan 2009 05:00:25 -0700 David MacQuigg <dmquigg-spf(_at_)yahoo(_dot_)com> wrote:
At 09:57 PM 1/10/2009 -0500, Stuart D. Gathman wrote:

On Sat, 10 Jan 2009, David MacQuigg wrote:

Here is my suggestion for an "all purpose" SPF record, covering both the HELO
and Mail From Identities:

Generally, the HELO domain is different from the MAIL FROM domain, so there
is no conflict.

example.com             TXT "v=spf1 mx -all"
mx1.example.com         TXT "v=spf1 a -all"
mx2.example.com         TXT "v=spf1 a -all"

We need a way to use *one record* for both the MAIL FROM and HELO checks.  
Very few domains publish SPF records for each and every HELO name.  I don't 
believe "evangelism" will ever change that.

For example, google.com's SPF record authorizes 147456 addresses:

+++>>> 3: SPF records
-->3a: v=spf1 include:_netblocks.google.com ~all
64.18.0.0/20           4096
64.233.160.0/19        8192
66.102.0.0/20          4096
66.249.80.0/20         4096
72.14.192.0/18        16384
74.125.0.0/16         65536
207.126.144.0/20       4096
209.85.128.0/17       32768
216.239.32.0/19        8192
       Totals:   9  147456

We can't expect them to publish that many SPF records.  A better 
alternative is to say that an SPF record will apply in a simpler way to 
HELO names (ignoring ?all and all the troublesome mechanisms that have 
generated so much opposition).

It's up to them.  It's not like they write their zone files by hand.  
Adding HELO records is trivially scriptable.

We had a tree walking algorithm in some pre-RFC draft, but it proved 
problematic and was removed.

Scott K
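
Added example, not part of the thread or of any poster's tooling: a Python sketch of the scripting Scott refers to, emitting one record per HELO name in the pattern of Stuart's example.com records and re-deriving the 147456 total from the netblocks listed above. The function names and the fixed "mx"/"a" policies are assumptions made for illustration.

```python
import ipaddress
import re

# Netblocks copied from the listing quoted in the message above.
NETBLOCKS = [
    "64.18.0.0/20", "64.233.160.0/19", "66.102.0.0/20", "66.249.80.0/20",
    "72.14.192.0/18", "74.125.0.0/16", "207.126.144.0/20",
    "209.85.128.0/17", "216.239.32.0/19",
]

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize_host(name):
    """Lower-case a host name, drop a trailing dot, reject malformed names."""
    host = name.strip().rstrip(".").lower()
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"not a usable FQDN: {name!r}")
    return host

def count_authorized(cidrs):
    """Addresses covered by the networks, counting overlapping space once."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

def spf_zone_lines(domain, helo_hosts):
    """One MAIL FROM record for the domain plus one record per HELO name."""
    domain = normalize_host(domain)
    lines = [f'{domain:<24}TXT "v=spf1 mx -all"']
    seen = {domain}  # a name must never end up with two SPF records
    for host in map(normalize_host, helo_hosts):
        if host in seen:  # duplicate input, or HELO name equal to the domain
            continue
        seen.add(host)
        lines.append(f'{host:<24}TXT "v=spf1 a -all"')
    return lines

if __name__ == "__main__":
    print(count_authorized(NETBLOCKS))
    hosts = ["mx1.example.com", "MX2.example.com.", "mx1.example.com"]
    print("\n".join(spf_zone_lines("example.com", hosts)))
```

The count is of IP addresses, not of HELO names: the generator only needs the list of host names the mail servers actually announce.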

