Den 02.01.2017 16.41, skrev A. Schulze: > > Am 02.01.2017 um 14:18 schrieb Sebastian Nielsen: >> OFC you must specify both unless you have completely disabled sending of >> outgoing mail via IPv6. > > I think, that's wrong > > One may publish records like "v=spf1 a -all" for a host mail.example.org > > mail.example.org. A 192.0.2.25 > mail.example.org. AAAA 2001:db8::6:25 > mail.example.org. TXT "v=spf1 a -all" > > This require two or three dns lookups. (1x TXT, 1x A and 1x AAAA depending on > the spf implementation) > > To save lookups and make the authentication more robust it's also possible to > specify the addresses explicit: > > mail.example.org. A 192.0.2.25 > mail.example.org. AAAA 2001:db8::6:25 > mail.example.org. TXT "v=spf1 ip4:192.0.2.25 ip6:2001:db8::6:25 -all" > > this way one minimize the need for a receiver to do "many" lookups. You give > the receiver all information > with the first answer and thus have a higher chance the spf authentication > will succeed.
Good points on avoiding many lookups, thank you. However my other question remains: any knowledge of spammers actively taking advantage of "incomplete" SPF records, where only IPv4 addresses are specified but IPv6 is actively in use? .per
