mazieres(_at_)gmail(_dot_)com <mazieres(_at_)gmail(_dot_)com> wrote:
On Fri, 27 Aug 2004 19:15:31 -0400, John Leslie <john(_at_)jlc(_dot_)net>
wrote:
...
We then evaluate the list of IPs authorized by the SPF2 record,
and run them against known IP blacklists; accumulating a score based
on weighting the reputation of those blacklists for spam identified,
false negatives, and false positives.
This might usually work, but what do you do about the exists and ptr
mechanisms? In general there is no practical and 100% reliable way to
produce a list of IP addresses authorized by an SPF2 record.
I didn't want to get into that level of detail -- and I especially
don't want to tell reputation services how to run their business...
But you are correct to note that exists and ptr are too close for
comfort to the +all mechanism. IMHO, one would have to treat them as
"+all" unless you have access to a large enough corpus of actual
queries and replies to limit the set of IP addresses apparently
authorized. (I don't believe monte carlo techniques are workable.)
How large "large enough" is, I leave as an exercise to the student.
--
John Leslie <john(_at_)jlc(_dot_)net>