At 02:33 23/01/2009 Friday, Stuart D. Gathman wrote:
On Thu, 22 Jan 2009, alan wrote:
no you mis-understand i was countering my own standard sub-domain argument
with redirects as the solution the 3 redirects to 3 separate {standard or
entirly up to the user} subdomains carry less *byteweight* than an average
spf and sender-id record combined
You are correct. I didn't notice the redirect. Very good compatible solution.
Might be able to make a bind macro or failing that a preprocessor.
The only drawback is that it uses up one of the 10 lookups.
true but most would rather waste 1 on a careful redirect than kill future
proofing
bonus of redirects for me is simply stick a %{o}. before the subdomain
and you have per user spf records
with either just records for exceptional users and a generic domain wide one
under
*.sub.domain
or as i prefer
user1.sub.domain TXT "v=spf1 a:mail.domain -all"
user2
user3
*.sub.domain TXT "v=spf1 -all" << the case i would love to add an extra
return code to spf3
for doesn't-exist {as in not fails{forged}
spf but just plain doesn't exist at
all{invalid}}
where user1-x are all your valid users
{though if publishing sender-id on per user you must remember to also add
postmaster@ and Mailer-Daemon(_at_)}
as these will be legit from's in any DSN's
I'm personally pro even firming things up in spf3 that say first record for a
domain must be a redirect
{and make lookups allowed +1}
(thus current clients {at least ones already talking sfp1 and sender-id} adding
support initially is easy{ish}, but enforcing the redirect can be added in
later}
and still hoping for the alternative to -all {for use when only prior records
have been redirects}
{or for clients to report a -all when all previous records have only been
redirects} as an extra return code "invalid-address/helo"
as currently the receiver cannot tell these failures from users choosing to
send mail from a source not listed in BIGISP-WITH-BAD-SPF's servers
I'd like to kill forgeries dead
{and follow receiving users preference for the other {most users choose to
recieve{tagged} SPF failing mail} as a still significant amount of good mail is
failing spf, guessing broken/outdated spf records for many}
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com