For people that hate wildcards in DNS....
Would something like (bind example)
_smtp_client.example.com. TXT "SPF=compatible"
Would this work? If you don't get the "SPF=allow" TXT option in your original
dns request, you can check for that explicit domain.
If the "SPF=compatible" comes back, then you know that you can deny the email
based on the SPF settings.
----- Original Message -----
From: "Paul Wouters" <paul(_at_)xtdnet(_dot_)nl>
To: "pna.lists" <pna(_dot_)lists(_at_)seznam(_dot_)cz>
Cc: <anti-spam-wg(_at_)ripe(_dot_)net>;
<spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Wednesday, October 08, 2003 6:13 AM
Subject: [spf-discuss] Re: Domain spoofing - was Re:
[anti-spam-wg(_at_)ripe(_dot_)net] I wrote a spam filter in Perl
On Wed, 8 Oct 2003, pna.lists wrote:
Shouldn't we start implementing SPF?
http://yro.slashdot.org/article.pl?sid=03/10/06/0044200
http://spf.pobox.com/
"We're in an experimental stage right now: we need lots of domains to publish
SPF records so we can see if there's anything wrong with the idea of
wildcards and TXT records"
The idea of advertising who is allowed to send for a domain is good. I had
talked to various people about the idea of doing this with the MX record,
but obviously not everone has incoming and outgoing mailservers on the
same box.
Doing it in TXT records is clumsy. We (as in IETF dnsex group) are doing
something
really wrong if people need to keep abusing the TXT records for stuff. I guess
it would be good to start with, but ideally a new RRtype should be used.
Last, since I'm personally doing lots of dnssec stuff, I really do not want
to put
in wildcards in my dns. My hatred for wildcards is only marginally less then
my
hatred for spam.
I'd implement a similar idea that does not depend on wildcards immediately
for all
our domains, which if they are .nl domains, are then even dnssec signed as
well.
(now let's all push RIPE to sign the their in-addr.arpa zones :)
Paul
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡