----- Original Message -----
From: "wayne" <wayne(_at_)midwestcs(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Saturday, December 20, 2003 9:01 PM
Subject: Re: [spf-discuss] Arguments regarding "complexity"
R$-.$-.$-.$- $: $(host $4.$3.$2.$1.$f.HELO.$s._spf.domain.name. $:OK $)
> I can't say that I've thought this through all the way, but this
> appears to have some large holes in it that are open for possible
> abuse and/or bugs. In particular, the HELO string can be almost
> anything, including something that would screw up the parsing of this
> domain.
That a HELO string can be forged is not something we can blame SPF for. In
the above example, I do nothing more than construct a compound query, after
the example of Philip, consisting of %{ir} ($4.$3.$2.$1), the envelope FROM
($f), a .HELO. text separator, and the parsed HELO string ($s), as known to
sendmail. That information is no more, or less reliable, than when parsed
to, say, a Milter.
> Are you sure that this format will lead to unambiguous and valid
> DNS lookups?
Perhaps $s should be run through an extra rule, clearing it of illegal chars
(map regex). But I was just outlining the idea. Otherwise, if the separator
is unambiguous enough, yes, we should get valid DNS lookups. :) Philip used
a dot in his example; but it could also be a pipe symbol, or something else.
Whatever works. The local DNS tool would only have to extract the three
parts, and do a regular SPF query.
P.S. Thanks for your unrelenting defence of SPF in NANAE. :)
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
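The compound query from the rule above, as an added example in Python that is not from the thread or from any SPF implementation: it applies the proposed "extra rule" that clears $s of illegal characters, assembles %{ir}.<envelope-from>.HELO.<helo>._spf.<domain>, and then extracts the three parts again the way the local DNS tool would. Function names, the cleaning regex, and the handling of "@" in the envelope sender are my own assumptions.

```python
import re

# Added example (not code from the thread): build the compound lookup name
# %{ir}.<envelope-from>.HELO.<helo>._spf.<domain>, cleaning the HELO string
# first, and recover the three parts again on the DNS-tool side.

NOT_LABEL_CHAR = re.compile(r"[^A-Za-z0-9-]")
SEPARATOR = "HELO"  # the text separator proposed in the message

def reverse_ip(ip):
    """%{ir} / $4.$3.$2.$1: reversed dotted quad, 192.0.2.10 -> 10.2.0.192."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % ip)
    return ".".join(reversed(octets))

def clean_labels(text):
    """Assumed stand-in for the 'map regex' rule: keep only [A-Za-z0-9-] per
    label, cap labels at 63 octets, drop empties; '@' becomes a label boundary."""
    out = []
    for part in text.replace("@", ".").split("."):
        part = NOT_LABEL_CHAR.sub("", part)[:63]
        if part:
            out.append(part)
    return out

def build_query(ip, envelope_from, helo, domain):
    """Assemble the query name; refuse input that would make parsing ambiguous."""
    from_labels, helo_labels = clean_labels(envelope_from), clean_labels(helo)
    if any(l.upper() == SEPARATOR for l in from_labels + helo_labels):
        raise ValueError("separator label found inside sender or HELO data")
    labels = reverse_ip(ip).split(".") + from_labels + [SEPARATOR] + helo_labels
    name = ".".join(labels) + "._spf." + domain + "."
    if len(name) > 255:
        raise ValueError("query name longer than 255 octets")
    return name

def parse_query(name, domain):
    """What the local DNS tool does: recover (ip, envelope_from, helo)."""
    suffix = "._spf." + domain + "."
    if not name.endswith(suffix):
        raise ValueError("not a query for our zone")
    labels = name[:-len(suffix)].split(".")
    sep = [i for i, l in enumerate(labels) if l.upper() == SEPARATOR]
    if len(sep) != 1 or sep[0] < 4:
        raise ValueError("separator missing or ambiguous")
    ip = ".".join(reversed(labels[:4]))
    return ip, ".".join(labels[4:sep[0]]), ".".join(labels[sep[0] + 1:])
```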
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname