On 9/23/18 1:42 PM, Henrik Krohns wrote:
On Sun, Sep 23, 2018 at 12:25:36PM -0500, Dave Jones wrote:
Consider the difference between these two SPF records:
# dig email.chase.com txt +short
"v=spf1 include:epsl1.com -all"
# dig chase.com txt +short
"v=spf1 a:spf.jpmchase.com ip4:207.162.228.0/24 ip4:207.162.229.0/24
ip4:207.162.225.0/24 ip4:196.37.232.50 ip4:159.53.46.0/24 ip4:159.53.36.0/24
ip4:159.53.110.0/24 ip4:159.53.78.0/24 include:tpo.chase.com -all"
Does this make sense that *@*.chase.com is safer to trust than *@chase.com?
Honestly I have no idea. As I don't have any decent mail feed these days,
doesn't seem like I can help much. Some local domains I checked, subdomain
or not, point to many different companies and mailers. To judge them worthy
of global whitelisting does require data, experience and contacts, so I'm
happy to leave this stuff to you and others. :-)
-hk
I was only referring to the SPF record difference since you pointed out
how unsafe it would be to trust some SPF records with includes that
expand out to a large number of IPs.
The two SPF records above are VERY different which supports the logic I
listed out.
Dave
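
Added example, not part of the original messages: a small Python summary of the two SPF records quoted in the thread, separating the IPv4 space each record authorizes directly from the terms that hand authorization to another DNS name. The function name `summarize_spf` and the output layout are assumptions of this example, and no DNS lookups are made, so delegated terms are listed rather than expanded.

```python
import ipaddress

# The two records quoted in the thread, each joined onto one line.
RECORDS = {
    "email.chase.com": "v=spf1 include:epsl1.com -all",
    "chase.com": (
        "v=spf1 a:spf.jpmchase.com ip4:207.162.228.0/24 ip4:207.162.229.0/24 "
        "ip4:207.162.225.0/24 ip4:196.37.232.50 ip4:159.53.46.0/24 "
        "ip4:159.53.36.0/24 ip4:159.53.110.0/24 ip4:159.53.78.0/24 "
        "include:tpo.chase.com -all"
    ),
}

# Mechanisms whose result depends on further DNS data, not on the record itself.
DNS_MECHANISMS = {"include", "a", "mx", "exists", "ptr"}


def summarize_spf(record):
    """Return direct IPv4 coverage, DNS-dependent terms and the 'all' qualifier."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    networks, delegated, all_qualifier = [], [], None
    for term in terms[1:]:
        # A missing qualifier means '+' (pass).
        qualifier, body = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        name, _, value = body.partition(":")
        mechanism = name.split("/")[0].lower()  # tolerate forms such as a/24
        if mechanism == "ip4" and qualifier == "+":
            networks.append(ipaddress.ip_network(value, strict=False))
        elif mechanism in DNS_MECHANISMS or body.lower().startswith("redirect="):
            delegated.append(body)
        elif mechanism == "all":
            all_qualifier = qualifier
        # ip6 terms and non-pass ip4 terms are left out of this IPv4 summary.
    merged = ipaddress.collapse_addresses(networks)  # avoid double counting overlaps
    return {
        "direct_ipv4": sum(net.num_addresses for net in merged),
        "delegated": delegated,
        "all": all_qualifier,
    }


if __name__ == "__main__":
    for domain, record in RECORDS.items():
        info = summarize_spf(record)
        print(f"{domain}: {info['direct_ipv4']} direct IPv4 addresses, "
              f"delegated={info['delegated']}, all={info['all']}")
```

The delegated terms are the part that needs live DNS data to size: the addresses behind `include:epsl1.com`, `a:spf.jpmchase.com` and `include:tpo.chase.com` are not visible in the records themselves.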