ietf-asrg

Re: [Asrg] SPF is only useful to dupe the ignorant...

2004-09-10 17:44:18
Why do you think ATT is going to publish SPF records for
adsl-24-73-19-222.att.net?  Do you think they _want_ to validate
outgoing email from that domain?

It's their dsl customer, why wouldn't they?

I am not a big fan of SPF, but it sounds like you're misunderstanding
what it does.  SPF is a map from the domain in a bounce address to a
set of IP addresses.  The SPF entry for worldnet.att.net or for
att.net is going to list AT&T's outbound mail servers, not the whole
DHCP farm.  There probably wouldn't be an entry for adsl-24-73-19-222.att.net
since you don't see much mail from fred@adsl-24-73-19-222.att.net.

One thing that SPF doesn't do very well (nor do most of its
competitors) is to provide an efficient way to denounce mail from your
subdomains.  It's easy enough to say no mail, that's "-all", but you
have to put the SPF record on every subdomain that a bad guy might
use.  You can try to use DNS wildcards, but you still need an SPF
record for each name for which you have an A record or anything else,
so the DNS bloat is severe.

This isn't SPF's worst problem; the large amount of real mail that it
marks as bogus is much worse.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I shook hands with Senators Dole and Inouye," said Tom, disarmingly.
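
The wildcard limitation described in the message above, as an added example that is not part of the original post: a simplified model of DNS wildcard matching (the closest-encloser rule of RFC 4592) that lists which names still answer with no SPF policy. The zone, the placeholder domain example.net and all function names are constructed for illustration.

```python
# Constructed zone for the placeholder domain example.net (not from the post).
ORIGIN = "example.net"
DENY = "v=spf1 -all"
ZONE = {
    "example.net": {"TXT": "v=spf1 ip4:192.0.2.25 -all", "MX": "mail.example.net"},
    "*.example.net": {"TXT": DENY},              # the wildcard "no mail" attempt
    "mail.example.net": {"A": "192.0.2.25"},
    "www.example.net": {"A": "192.0.2.80"},
    "adsl-1.dyn.example.net": {"A": "198.51.100.1"},
}

def existing_names(zone, origin=ORIGIN):
    """Owner names plus empty non-terminals (ancestors of owner names)."""
    names = set()
    for owner in zone:
        labels = owner.split(".")
        for i in range(len(labels)):
            name = ".".join(labels[i:])
            if name == origin or name.endswith("." + origin):
                names.add(name)
    return names

def lookup_spf(zone, qname, origin=ORIGIN):
    """TXT data a resolver would get for qname, or None (NODATA/NXDOMAIN)."""
    exists = existing_names(zone, origin)
    if qname in exists:
        # The name exists (any record type), so the wildcard is never used.
        return zone.get(qname, {}).get("TXT")
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if encloser in exists:
            # Only a wildcard directly below the closest encloser can match.
            return zone.get("*." + encloser, {}).get("TXT")
    return None

def names_needing_records(zone, origin=ORIGIN):
    """Existing names that publish no SPF policy despite the wildcard."""
    return sorted(n for n in existing_names(zone, origin)
                  if not n.startswith("*.") and lookup_spf(zone, n, origin) is None)

if __name__ == "__main__":
    for q in ("random.example.net", "www.example.net", "x.dyn.example.net"):
        print(q, "->", lookup_spf(ZONE, q))
    print("need explicit records:", names_needing_records(ZONE))
```

Names under dyn.example.net are not covered either, because that node exists as an empty non-terminal and would need its own wildcard.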


