Mailing List Archive: soft pass?!?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dave Wanta wrote:
> I remember reading somewhere that if a SPF record doesn't exist for a
> domain, you can make one up that is fairly accurate (something like a
> /24 of the location of the MX). I believe it resulted in a possible
> SoftPass(?) result. Does that make sense? For the life of me, I can't
> seem to find the default record that could be used.

That's because best-guess[1] (that's what it's called) is non-standard.
It's a crude attempt at guessing a domain's outgoing mailservers IP
address range. "Non-standard" means it is _not_standardized_ and specific
to the implementation!

The first SPF implementation that offered best-guess was Mail::SPF::Query
[2]. M:S:Q's best-guess mechanism (if enabled) works like this: if a
domain has no SPF record, the following synthetic record is used:

v=spf1 a/24 mx/24 ptr ?all

This is based on the assumption that "legitimate" outgoing mail servers
are in the same class C netblock as the domain's host (a) and MXes (mx).
"?" causes a "Neutral" result as a fallback, which must be treated by
receivers as if no SPF check had been performed.

Other implementations may implement best-guess differently or not at all.
(I'd recommend not implementing it at all.)

("?"/"Neutral" has nothing to do with the obsolete "SoftPass" concept.)

Julian.

References:
1. http://new.openspf.org/FAQ/Best_guess_record
2. http://search.cpan.org/dist/Mail-SPF-Query/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFETAGHwL7PKlBZWjsRAqEEAJ0cWL5F6Y6BHubaYDrEcca0VBzkHwCfVCRJ
vwyEKhBEMdoR+hmMdduRYU8=
=3eha
-----END PGP SIGNATURE-----

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com