On 14-May-2009, at 21:57, Mark wrote:
"v=spf1 mx a:spf.orange.es ip4:213.143.52.0/24 -all"
What's the CIDR there for if not to identify the valid range of IPs
for the SPF records?
Wait a minute, are they saying that their ENTIRE CLASS C is allowed
to send mail 'from' orange.es?
The /24 CIDR covers the 213.143.52.0-213.143.52.255 range. Why does
that strike you as so strange? :)
Yes, but as I understand it the IPs you specify in the SPF should only
be IPs that SEND mail. So, for example, if you have a single mail
server that sends and receives all the mail for your domain, your SPF
would look like this:
"v=spf1 mx ~all"
Because the only valid source for mail is your single mail server
which is defined by the mx fields. If you had two mail servers, an mx
and a second server that was not the mx but sent mail out, then you
might have an SPF like this:
"v=spf1 mx a:mail2.example.com ~all"
But you would ONLY use that if mail2 was a server that directly sent
outbound mail.
What orange.es is saying is that their mailservers are any machine
named spf.orange.es (all 42 of them) AND the entire (unrelated) class
C. That seems rather excessive as it specifies over 300 machines as
valid senders of orange.es mail.
--
*** AgentSmith sets mode: +m
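
Added example, not part of the original message: a small Python sketch that counts how many addresses an SPF record's pass mechanisms authorize, to make the "single mail server" versus "whole /24 plus 42 hosts" comparison from the thread concrete. The domain, hostnames and DNS answers are constructed placeholders in documentation address ranges; only the record shapes follow the thread.

```python
import ipaddress

DOMAIN = "example.com"  # placeholder domain (assumption)
RECORD = "v=spf1 mx a:spf.example.com ip4:198.51.100.0/24 -all"
# Constructed DNS answers using documentation address ranges, not real lookups.
DNS_MX = {"example.com": ["mx1.example.com"]}
DNS_A = {
    "mx1.example.com": ["192.0.2.25"],
    "mail2.example.com": ["192.0.2.26"],
    "spf.example.com": [f"203.0.113.{i}" for i in range(1, 43)],  # 42 A records
}


def pass_networks(record, domain, dns_a=DNS_A, dns_mx=DNS_MX):
    """Collapse every address range the record's pass mechanisms authorize."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    nets = []
    for term in terms[1:]:
        if "=" in term:
            continue  # modifiers (redirect=, exp=) are outside this sketch
        qualifier, mech = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        if qualifier != "+":
            continue  # only "+" (explicit or implied) authorizes senders
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            nets.append(ipaddress.ip_network(arg, strict=False))
        elif name == "all":
            nets += [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
        elif name in ("a", "mx"):  # CIDR suffixes on a/mx are not handled here
            target = arg or domain
            hosts = [target] if name == "a" else dns_mx.get(target, [])
            nets += [ipaddress.ip_network(ip) for h in hosts for ip in dns_a.get(h, [])]
        else:
            raise ValueError(f"mechanism not handled in this example: {mech}")
    by_version = ([n for n in nets if n.version == v] for v in (4, 6))
    return [c for group in by_version for c in ipaddress.collapse_addresses(group)]


def sender_count(record, domain):
    return sum(net.num_addresses for net in pass_networks(record, domain))


def is_authorized(ip, record, domain):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in pass_networks(record, domain))
```

With the constructed data, the `mx`-only record authorizes one address, while the record with the /24 and the 42-address `a:` host authorizes 299.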