On Wednesday 06 June 2012 11:52 PM, Balasubramaniam Natarajan wrote: > I am taking ici...@nk.com and p@y...@l.com as just examples do not come > after me for that :-( >
:D No problem. Nice examples as it contains an "include" record as well. > So in this case of ici...@nk.com they are very explicitly telling that > do not accept any email other than the IP specified below and for > p@y...@l.com how can we determine the authenticity of the mail received > ? > Unfortunately you cannot do it based on just this. The best solution is to write to Paypal asking them to create a proper hard fail record(-all) instead of(~all). I am not very sure, but there must be means to add a custom header, something like X-SPF-Check, and ask the people in your domain to have a filter based on that header field. If the header is set, the mails should be handled with caution as it can be a spoof mail. But in my opinion, it is in everyone's interest that Paypal defines a proper fail record. Thanks PS: On a GNU/Linux machine, if you install dnsutils package, you get the 'dig' tool. It is very easy to use, instead of using an external website. dig -t txt icicib@nk.d0m would return all its text entries, and hence its SPF records. -- Thank you, Balachandran Sivakumar blog: http://beningbala.wordpress.com Arise, Awake and Stop Not Till the Goal is Reached - Swami Vivekananda _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc