On Tue, 2005-06-28 at 03:44 +0200, Daniel Lorch wrote:
<SNIP M$ marketing bull, yup in this case I don't like the M$ way...>
Coincidentially, I checked aol.com's SPF record today and I found this. I don't have the full "bigger picture" yet, but I believe these are Classic SPF records AND a Sender ID record - split up in two TXT records:
$ dig +short txt aol.com
"spf2.0/pra ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
"v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
Which is.... the same record only a different header, thus double the DNS data. Not very convenient. Also the ?all on the end just means soft-fail, thus one can still fake the source from the complete internet, maybe some SA's will score it higher, but that is it. Thus this is a PR(A)etty useless setup.
This kind of works better: us.ibm.com TXT "v=spf1 mx a:d25xlcore001.ca.ibm.com ~all" ibm.com TXT "v=spf1 -all"
At least this doesn't allow any mail to bend out at all :)
<SNIP License crap>
You won't need to obtain any licences if you are only publishing SPF records and want to be compatible with Hotmail. You'll only have to if you use Sender ID technology to check Emails. And even then, it's going to be free.
What is the use of this if you can't check it? Then basically, the people not getting the license are not allowed to verify that hotmail.com is or is not sending you spam again. Futile!
Greets, Jeroen