[ietf-dkim] Re: DNS wildcarding behavior scenarios
nobody at xyzzy.claranet.de
Mon Jun 18 15:03:22 PDT 2007
Douglas Otis wrote:
> Both wildcard and non-wildcard records need to be placed at _every_
> valid node existing within the zone.
Yes, thanks for the correction, the wildcard counts as "at", not as
"below". I had that wrong. But the opposite was hopefully okay, a
wildcard above an existing node isn't visible at or below this node.
IOW to cover everything below x.example you'd need wildcards at all
existing nodes below x plus x itself. For SPF it was simpler to
ignore the issue, nodes without MX and without IP anyway can't send
mail, or rather they can try, but it's possible to reject this crap.
For SPF you only need wildcards where they already are (MX, A, or
No recipe for SSP unfortunately, nobody checks 2822-From addresses
for plausibility at the MX, rejecting anything that can't be okay.
More information about the ietf-dkim