On Sep 28, 2018, at 9:48 AM, bOnK wrote:
A better idea might be testing if SPF for a external domain would pass on your
own server.
>
> This is what milter greylist does.
> http://hcpnet.free.fr/milter-greylist/
>
> Though probably exceptional, according to the RFC +all *can be* restrictive...
> https://tools.ietf.org/html/rfc7208
>
> A.4. Multiple Requirements Example
>
> Say that your sender policy requires both that the IP address is
> within a certain range and that the reverse DNS for the IP matches.
> This can be done several ways, including the following:
>
> example.com. SPF ( "v=spf1 "
> "-include:ip4._spf.%{d} "
> "-include:ptr._spf.%{d} "
> "+all" )
> ip4._spf.example.com. SPF "v=spf1 -ip4:192.0.2.0/24 +all"
> ptr._spf.example.com. SPF "v=spf1 -ptr +all"
>
> This example shows how the "-include" mechanism can be useful, how an
> SPF record that ends in "+all" can be very restrictive, and the use
> of De Morgan's Law.
>
> --
> b.
