On 2014-08-15 12:05, John Hardin wrote:
"exists:"? (looks up SPF syntax) (boggle) WTF is the sane use case for "exists:"??

Imagine something like:

exists:%{l}.%{o}.%{i}._spf.webhost.example

This might allow me to PASS only messages coming from addresses that actually exist, and are from the correct server. (Sure, the sending server really should enforce this itself, but not all do.)

Or I could get more complicated: PASS messages from addresses that exist from the correct server, NEUTRAL from addresses that exist when the message is from an incorrect server, and fail everything from invalid addresses no matter what:

exists:%{l}.%{o}.%{i}._spf.webhost.example ?exists:%{l}.%{o}._any._spf.webhost.example -all

With other types of macro expansion, you could query a DNS backend that returns responses from a database or algorithmically rather than based on static SPF rules written in DNS as text.

Arguably most of it is needlessly complex in practice, but it's still a neat idea, or would be, if SPF FAIL were universally enforced.

Even without FAIL enforcement though, exists: can be used as a logging mechanism to track forgeries, similar to DMARC's feedback mechanism.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
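
An added example, not part of the original message: a small Python sketch of how a receiver expands the macros in the record above and which result each `exists:` term yields. The domain `customer.example`, the addresses and the `ZONE` set (standing in for the names the DNS backend answers with an A record) are constructed; only a subset of RFC 7208 macros is handled.

```python
import ipaddress
import re

MACRO = re.compile(r"%\{([slodiv])(\d*)(r?)([.\-+,/_=]*)\}|%([%_-])")
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def expand(spec, sender, ip):
    """Expand RFC 7208 macros (subset: s, l, o, d, i, v) in a domain-spec."""
    local, _, domain = sender.rpartition("@")
    addr = ipaddress.ip_address(ip)
    # %{i}: dotted quad for IPv4, dot-separated nibbles for IPv6
    i_val = str(addr) if addr.version == 4 else ".".join(addr.exploded.replace(":", ""))
    values = {"s": sender, "l": local, "o": domain, "i": i_val,
              "d": domain,  # simplification: no include:/redirect=, so %{d} == %{o}
              "v": "in-addr" if addr.version == 4 else "ip6"}

    def sub(m):
        if m.group(5):  # literal escapes %%, %_, %-
            return {"%": "%", "_": " ", "-": "%20"}[m.group(5)]
        letter, digits, rev, delims = m.groups()[:4]
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if rev:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]  # keep the right-most N labels
        return ".".join(parts)

    return MACRO.sub(sub, spec)

def evaluate(record, sender, ip, names_with_a_record):
    """Return the SPF result for a record made only of exists: and all terms."""
    for term in record.split():
        if term.startswith("v="):
            continue
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULT[qualifier]
        if not mech.startswith("exists:"):
            raise ValueError("unsupported term: " + term)
        # exists: matches when the expanded name resolves to any A record
        if expand(mech[len("exists:"):], sender, ip).lower() in names_with_a_record:
            return RESULT[qualifier]
    return "neutral"

# Constructed data: the record from the message and a stand-in for the DNS backend
RECORD = ("exists:%{l}.%{o}.%{i}._spf.webhost.example "
          "?exists:%{l}.%{o}._any._spf.webhost.example -all")
ZONE = {"alice.customer.example.192.0.2.10._spf.webhost.example",
        "alice.customer.example._any._spf.webhost.example"}
```

Because every check produces a query for the expanded name, the authoritative server's query log also records the local part, domain and connecting IP of each attempt, which is the logging use mentioned in the message.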

