On Wed, Oct 15, 2003 at 10:13:58AM -0600, Jason wrote:
> Well.. If you don't like the random junk testing of a domain for SPF
> compliance.. then think of it this way.
> At the very least, it assures that the domain you are testing is
> properly configured for SPF. SPF validation on a domain is
> worthless (for that domain) if someone just uses a wildcard to allow all.

What would you do then? Systematically refuse mail from wildcard-SPF?
If not (and I believe, probably not), what's the point? You accept
the mail, anyway.

Checking wildcard can be useful at the policy level: this would be a
nice addition to spamassassin scoring.

I don't really see why a spammer would do that, anyway. For the time
being, no SPF support at all by the domain would make the mail
accepted by the MTA. By wildcarding, the spammer would simply risk a
bad score in spamassassin, which he obviously wants to avoid.

As somebody pointed out, the spammer could just list the hundred,
maybe thousands of hosts he's (probably illegally) using to relay his
mails. Somewhat more expensive, but way more efficient for him.

At which point, one can hopefully look up throw-away-012012.com in
whois and trace back to the spammer. And sue him. Registries are being
required by ICANN to keep accurate records of domain holders.

--
Nicolas Bougues
Axialys Interactive
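
The policy-level wildcard check suggested in this message, sketched as an added example (not part of the original post and not SpamAssassin code). It assumes the SPF record syntax later standardised in RFC 7208; the rule names, score values and prefix thresholds are hypothetical.

```python
import ipaddress

# Hypothetical rule scores and thresholds, chosen only for illustration.
SCORES = {"SPF_ALLOW_ALL": 2.0, "SPF_BROAD_RANGE": 1.0}
MIN_PREFIX = {4: 8, 6: 16}   # networks wider than this count as "broad"


def spf_wildcard_findings(record):
    """Return (rule, term) pairs for terms that let (almost) any host pass."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return []                          # not an SPF record, nothing to score
    findings = []
    for term in terms[1:]:
        # A mechanism without a qualifier defaults to "+" (pass).
        qualifier, body = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        name, _, arg = body.partition(":")
        name = name.lower()
        if "=" in name:                    # modifier (redirect=, exp=): not followed here
            continue
        if name == "all":
            if qualifier == "+":
                findings.append(("SPF_ALLOW_ALL", term))
            break                          # evaluation stops at the first "all"
        if name in ("ip4", "ip6") and qualifier == "+":
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                continue                   # malformed network: leave to the SPF checker
            if net.prefixlen < MIN_PREFIX[net.version]:
                findings.append(("SPF_BROAD_RANGE", term))
    return findings


def wildcard_score(record):
    """Score to add to a message whose sender domain publishes this record."""
    return max((SCORES[rule] for rule, _ in spf_wildcard_findings(record)), default=0.0)


if __name__ == "__main__":
    # Constructed sample records, not taken from any real domain.
    for rec in ("v=spf1 +all", "v=spf1 ip4:0.0.0.0/0 -all",
                "v=spf1 ip4:192.0.2.0/24 -all", "v=spf1 -all +all"):
        print(f"{wildcard_score(rec):.1f}  {rec}  {spf_wildcard_findings(rec)}")
```

As the message argues, the result feeds a score rather than an accept/reject decision at the MTA.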