On 3-Jul-09, at 1:49 PM, Alessandro Vesely wrote:
Hi,
I write this note in case someone is going to write a new version of
the standard: an equality relationship between SPF records is not
currently defined.
SPF cannot be used to identify that two mail domains work in the
same way. If two domains share the same set of hosts for inbound and
outbound mail, then one would call them virtual (or vanity) domains.
Recognizing such a state of affairs can simplify tasks related to
recognizing accountability to an organization for messages that they
send on behalf of one of those mail domains.
While it is fairly simple to check that two domains share at least
one primary MX (which can be done without comparing IP addresses), a
similarly obvious test for SPF does not exist. Usage of the
"include" mechanism is fairly obvious, but not quite standardized,
nor mandated. Would it make sense to require that an SPF record for
a virtual domain contains _exactly_ a specified form of "include"?
Currently, to recognize that two SPF records are equal, it seems
necessary to run the check function for the whole address space. Or
is there a feasible method?
I think 'redirect' is tan acceptable method to address this. At least
that's what I use.
Set up one SPF policy for the main domain and then redirect all
virtual domains that use the same parameters to the main domain's SPF
policy.
--
Gino Cerullo
Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6
416-247-7740
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com