spf-discuss

Re: Re: Domain spoofing - was Re: [anti-spam-wg(_at_)ripe(_dot_)net] I wrote a spam filter in Perl

2003-10-08 09:34:18
For people that hate wildcards in DNS....

Would something like (bind example)
_smtp_client.example.com.    TXT    "SPF=compatible"

Would this work?  If you don't get the "SPF=allow" TXT option in your original 
dns request, you can check for that explicit domain.
If the "SPF=compatible" comes back, then you know that you can deny the email 
based on the SPF settings.

----- Original Message ----- 
From: "Paul Wouters" <paul(_at_)xtdnet(_dot_)nl>
To: "pna.lists" <pna(_dot_)lists(_at_)seznam(_dot_)cz>
Cc: <anti-spam-wg(_at_)ripe(_dot_)net>; <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Wednesday, October 08, 2003 6:13 AM
Subject: [spf-discuss] Re: Domain spoofing - was Re: [anti-spam-wg(_at_)ripe(_dot_)net] I wrote a spam filter in Perl


On Wed, 8 Oct 2003, pna.lists wrote:

Shouldn't we start implementing SPF?

http://yro.slashdot.org/article.pl?sid=03/10/06/0044200

http://spf.pobox.com/

"We're in an experimental stage right now: we need lots of domains to publish
SPF records so we can see if there's anything wrong with the idea of
wildcards and TXT records"

The idea of advertising who is allowed to send for a domain is good. I had
talked to various people about the idea of doing this with the MX record,
but obviously not everyone has incoming and outgoing mailservers on the
same box.

Doing it in TXT records is clumsy. We (as in IETF dnsex group) are doing something
really wrong if people need to keep abusing the TXT records for stuff. I guess
it would be good to start with, but ideally a new RRtype should be used.

Last, since I'm personally doing lots of dnssec stuff, I really do not want to put
in wildcards in my dns. My hatred for wildcards is only marginally less than my
hatred for spam.

I'd implement a similar idea that does not depend on wildcards immediately for all
our domains, which if they are .nl domains, are then even dnssec signed as well.

(now let's all push RIPE to sign their in-addr.arpa zones :)

Paul

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription,
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡

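
The two-step lookup proposed in the reply at the top of this message, sketched as an added example that is not part of the original posts: check the client's own record first, then fall back to the explicit `_smtp_client.<domain>` marker instead of a wildcard. The per-client owner name, the `unknown` and `tempfail` results and the in-memory zone are assumptions made for illustration; only `SPF=allow`, `SPF=compatible` and the marker name come from the message.

```python
# Added example. Zone contents are constructed; the per-client owner name
# is a hypothetical layout, since the post does not show the original query.
ZONE = {
    "4.3.2.1.in-addr._smtp_client.example.com.": ["SPF=allow"],
    "_smtp_client.example.com.": ["SPF=compatible"],
}


class LookupFailed(Exception):
    """Resolver error (timeout, SERVFAIL): not the same as 'no record'."""


def normalize(name):
    # DNS owner names compare case-insensitively; use one trailing dot.
    return name.lower().rstrip(".") + "."


def txt_lookup(zone, name, failing=()):
    """Stand-in for a TXT query with exact-match names only (no wildcards)."""
    name = normalize(name)
    if name in {normalize(n) for n in failing}:
        raise LookupFailed(name)
    return zone.get(name, [])


def evaluate(zone, client_qname, domain, failing=()):
    """Return 'allow', 'deny', 'unknown' or 'tempfail' for one client."""
    try:
        if "SPF=allow" in txt_lookup(zone, client_qname, failing):
            return "allow"
        # No allow record: ask the explicit marker name instead of relying
        # on a wildcard to supply a default answer.
        marker = "_smtp_client." + domain
        if "SPF=compatible" in txt_lookup(zone, marker, failing):
            return "deny"
    except LookupFailed:
        # Assumption: a failed query must not be read as a missing record.
        return "tempfail"
    # Assumption: without the marker the domain has not opted in.
    return "unknown"
```

Keeping a failed query separate from an empty answer matters here, because a receiver that treats a timeout on the marker lookup as "no marker" would silently stop enforcing for that domain.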

