spf-discuss

Re: [spf-discuss] SPF on HELO - take 2

2009-01-14 03:47:18
Stuart D. Gathman wrote:
Yes, I don't recommend the practice. But it *is* the only way to have one
SPF record for both MAIL FROM and HELO domains (by making them the same
domain).  If anything, that should underscore why you don't really want
the same MAIL FROM and HELO policy.

If you have lots of MTAs behind a NAT, then wildcards could do the trick:

*.example.com   TXT "v=spf1 a -all"
*.example.com   A 1.2.3.4

However, those records are not recommended by rfc4408.

If they all have different IPs, then a script or smarter authoritative
DNS (PowerDNS) is in order.

The point is, there is no big problem that a competent admin can't easily
handle.

Based on my experience, I would agree. However, I see no record for, say, *.google.com nor, e.g., mail-bw0-f19.google.com. Does that imply that Google's admins are not competent? More likely, they just didn't find the time to do it.

Given the fact that most domains have no host record, we should consider whether SPF adoption is being hindered by too much complexity. Would it be worth slightly changing the specs to account for that?
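
The "script" option mentioned in the quoted text, sketched as an added example (not code from either poster or from the SPF project): it reads zone data and lists the MTA host names that still need their own HELO SPF record. The zone lines, host names and 192.0.2.x addresses are constructed; the policy string "v=spf1 a -all" is the one quoted above.

```python
import re

# Constructed sample zone data (hypothetical names, documentation addresses).
SAMPLE_ZONE = """\
*.example.com.     TXT "v=spf1 a -all"
mta1.example.com.  A   192.0.2.10
mta2.example.com.  A   192.0.2.11
mta2.example.com.  TXT "v=spf1 a -all"
www.example.com.   A   192.0.2.80
"""

# owner [ttl] [IN] type rdata, restricted to the record types used here
RECORD = re.compile(r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|AAAA|TXT)\s+(.+)$', re.I)

def parse_zone(text):
    """Return {owner: {rtype: [rdata, ...]}} for A/AAAA/TXT lines."""
    zone = {}
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # blank lines, comments, other record types
        owner, rtype = m.group(1).lower(), m.group(2).upper()
        rdata = m.group(3).strip().strip('"')
        zone.setdefault(owner, {}).setdefault(rtype, []).append(rdata)
    return zone

def has_spf(rrsets):
    """True if any TXT string at this name is an SPF version 1 record."""
    return any(t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")
               for t in rrsets.get("TXT", []))

def missing_helo_spf(zone, mta_hosts):
    """MTA host names that exist in the zone but publish no SPF TXT record.

    The wildcard TXT does not cover them: a wildcard only synthesizes
    answers for names that have no records of their own (RFC 4592).
    """
    return sorted(h for h in mta_hosts if h in zone and not has_spf(zone[h]))

def spf_lines(hosts, policy="v=spf1 a -all"):
    """Zone-file lines giving each host its own HELO policy."""
    return [f'{h} TXT "{policy}"' for h in hosts]

if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    mtas = ["mta1.example.com.", "mta2.example.com."]
    print("\n".join(spf_lines(missing_helo_spf(zone, mtas))))
```

In the sample, mta1 has its own A record, so the wildcard TXT is never returned for it and it needs an explicit record.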

