James Craig Burley wrote:
Interesting. However, the record containing all the ingredients of DNS for a domain (including SPF) is not "published" at one top level authority. Just a pointer exists. And the TLD/root is not one machine, "it" is dozens or more. And the domain record itself is on at least one machine, perhaps many. And a cache or two (barely) makes it more complicated. I guess my point is that spoofing/hacking is not likely to happen. I am not saying anything about if it is possible.
Put another way: are you sure you will be able to trust *all* SPF records published in the .cn domain? The .ru domain? The .biz domain?
But here is the deal. It costs about $7 USD to buy a throw-away domain and set up DNS with SPF so that email servers around the world will accept the mail. It would cost a heck of a lot more to use someone else's domain if SPF is used on a large scale level.
Making SPF dependent on IP address is not only bad politics, it is not practical. Actually it won't work. One thing, you would have plenty of cases where an IP can send mail for thousands or more domains. That would be a neat trick. You can have thousands of DNS records with a little bit of TXT info each, but you can't realistically have a DNS record with a bible full of TXT info. The other thing, you could easily claim your IP can send mail for any domain.
Waitman
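The mechanism the thread is arguing about, shown as an added example that is not part of any post above: a small SPF evaluator in the style of RFC 7208's check_host(), run against a constructed in-memory table of DNS TXT records for hypothetical domains (192.0.2.0/24, 198.51.100.0/24 and 2001:db8::/32 are documentation ranges). It supports only the ip4, ip6, include and all mechanisms, enforces the 10-lookup limit, and includes a helper that lists every domain whose record authorizes a given IP, which is the domain-keyed direction the post says is the only practical one.

```python
import ipaddress

# Constructed DNS TXT data for hypothetical domains, standing in for live lookups.
DNS_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:mailer.example.net -all"],
    "mailer.example.net": ["v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all"],
    "bulk.example.org": ["v=spf1 ip4:198.51.100.10 -all"],
    "loop.example": ["v=spf1 include:loop.example -all"],  # pathological self-include
    "nospf.example": ["some unrelated txt record"],
}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4 limit on DNS-querying mechanisms


def get_spf(domain):
    """Return the single v=spf1 record for a domain, or None if there is
    none or more than one (the latter is a permerror in RFC 7208)."""
    records = [r for r in DNS_TXT.get(domain, []) if r.lower().startswith("v=spf1")]
    return records[0] if len(records) == 1 else None


def check_host(ip, domain, lookups=None):
    """Evaluate sender IP against the domain's SPF record.
    Returns one of: pass, fail, softfail, neutral, none, permerror."""
    if lookups is None:
        lookups = [0]  # shared counter across include recursion
    addr = ipaddress.ip_address(ip)
    record = get_spf(domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return RESULT[qualifier]
        elif mech == "include":
            lookups[0] += 1
            if lookups[0] > MAX_LOOKUPS:
                return "permerror"
            inner = check_host(ip, arg, lookups)
            if inner == "pass":
                return RESULT[qualifier]
            if inner in ("permerror", "temperror", "none"):
                return "permerror"  # include of a missing record is an error
        elif mech == "all":
            return RESULT[qualifier]
        else:
            # a, mx, ptr, exists and redirect are not implemented in this example
            return "permerror"
    return "neutral"  # fell off the end with no match


def domains_authorizing(ip):
    """List every domain in the table whose SPF record passes this IP.
    Shows that the record is keyed by domain and that one IP can be
    authorized by any number of domains."""
    return sorted(d for d in DNS_TXT if check_host(ip, d) == "pass")


if __name__ == "__main__":
    for ip, dom in [("192.0.2.5", "example.com"), ("198.51.100.10", "example.com"),
                    ("203.0.113.7", "example.com"), ("203.0.113.7", "mailer.example.net"),
                    ("2001:db8::1", "example.com"), ("1.2.3.4", "loop.example")]:
        print(f"{ip:>16} {dom:<20} {check_host(ip, dom)}")
    print("198.51.100.10 authorized by:", domains_authorizing("198.51.100.10"))
```

The lookup counter is what keeps a chain of include mechanisms bounded; a real resolver would also need a query timeout that maps to temperror rather than permerror.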