On Fri, 14 Jun 2013 12:38:47 +1200 Jason Haar wrote:

> On 14/06/13 07:08, Neil Schwartzman wrote:
> > Sure is. Also DMARCed and SPFed too.
> >
> > ;; QUESTION SECTION:
> > ;paypal.com. IN TXT
> >
> > ;; ANSWER SECTION:
> > paypal.com. 7 IN TXT "v=spf1
> > include:pp._spf.paypal.com
> > include:3rdparty._spf.paypal.com
> > include:3rdparty1._spf.paypal.com
> > include:3rdparty2._spf.paypal.com
> > include:c._spf.ebay.com ~all"
> >
>
> Yeah but notice "~all" is not "-all". ie they are saying that
> legitimate Paypal email comes from those specific sources - except
> when it doesn't

It's possible that the domains are also used for the mail of paypal employees.

>
> I don't understand why "~all" exists at all. It's like a "checkbox"
> security feature: "oh yeah, our domain uses SPF!"

IIRC the original intention was that "-" would be used for outright rejection, and "~" as information for spam filters.
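
The qualifier distinction discussed in this thread, as an added example that is not part of the original messages: a small parser that splits an SPF record into its terms and reports the result a receiver computes for a sender matching none of the listed sources. The qualifier-to-result names and the "neutral" default follow RFC 7208; the function names and the "-all" variant are constructed for illustration.

```python
import re

# RFC 7208 qualifiers; a mechanism without one defaults to "+" (pass).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MODIFIER = re.compile(r"^([A-Za-z][A-Za-z0-9_.-]*)=(.*)$")   # redirect=, exp=
MECH_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_.-]*")

# SPF string from the dig output quoted in the thread.
PAYPAL = ("v=spf1 include:pp._spf.paypal.com include:3rdparty._spf.paypal.com "
          "include:3rdparty1._spf.paypal.com include:3rdparty2._spf.paypal.com "
          "include:c._spf.ebay.com ~all")


def parse_spf(record):
    """Return (mechanisms, modifiers); mechanisms are (result, name, argument)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        mod = MODIFIER.match(term)
        if mod:
            modifiers[mod.group(1).lower()] = mod.group(2)
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = term[1:] if term[0] in QUALIFIERS else term
        name = MECH_NAME.match(body)
        if not name:
            raise ValueError("malformed term: %r" % term)
        # The argument keeps its leading ':' or '/' (e.g. ':pp._spf.paypal.com').
        mechanisms.append((QUALIFIERS[qualifier], name.group(0).lower(),
                           body[name.end():]))
    return mechanisms, modifiers


def default_result(record):
    """SPF result for a sender that matched none of the earlier mechanisms."""
    mechanisms, modifiers = parse_spf(record)
    for result, name, _ in mechanisms:
        if name == "all":
            return result          # "all" always matches; later terms are ignored
    # Without "all", redirect= defers to another record; otherwise neutral.
    return "redirect" if "redirect" in modifiers else "neutral"


if __name__ == "__main__":
    print("as published:", default_result(PAYPAL))                          # softfail
    print("with -all   :", default_result(PAYPAL.replace("~all", "-all")))  # fail
```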