On 2014-08-15 12:05, John Hardin wrote:
"exists:"? (looks up SPF syntax) (boggle) WTF is the sane use case for
"exists:"??
Imagine something like:
exists:%{l}.%{o}.%{i}._spf.webhost.example
This might allow me to PASS only messages coming from addresses that
actually exist, and are from the correct server. (Sure, the sending
server really should enforce this itself, but not all do)
Or I could get more complicated, PASS message from addresses that exist
from the correct server, NEUTRAL from addresses that exist when the
message is from an incorrect server, and fail everything from invalid
addresses no matter what:
exists:%{l}.%{o}.%{i}._spf.webhost.example
?exists:%{l}.%{o}._any._spf.webhost.example -all
With other types of macro expansion, you could query a DNS backend that
returns responses from database or algorithmically rather than based on
static SPF rules written in DNS as text.
Arguably most of it is needlessly complex in practice, but it's still a
neat idea, or would be, if SPF FAIL were universally enforced.
Even without FAIL enforcement though, exists: can be used as a logging
mechanism to track forgeries, similar to DMARC's feedback mechanism.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
