spf-discuss

Using exists: to find remote senders?

2004-01-06 13:09:19
We recently published SPF records for several domains we host. A scheme of this sort that's actually at the "Let's encourage people to try it out" stage was very attractive, since spammers have started forging our primary domain name. A lot.

Chances are good some of our users are sending through other ISPs, so we're not ready to add "-all" to the record just yet. Yesterday I implemented the method suggested by the FAQ to find remote users. Our record currently ends with "exists:%{u}.%{i}._spf.speed.net ?all".

In the day since we turned this on, we've had 6 hits, but only two have actually included the username. The rest only show up as queries for ipaddress._spf.speed.net. We can't tell whether those other messages were from valid remote users or from spammers.

My guesses:

- Some SPF implementations don't expand %{u}
- Some SPF implementations will only expand one macro per query
- Some SPF implementations will do multi-step exists: lookups (i.e. make sure %{i}._spf.speed.net exists before trying %{u}.%{i}._spf.speed.net)
- Mail with just @speed.net as the envelope sender is getting handed to SPF instead of being rejected for having a malformed address.
- I have configured something wrong.

So I've got a couple of questions:
1. Is right before "?all" the right place to put exists: for these purposes?
2. Should I create a wildcard under _spf.speed.net and change it to "?exists:"?
3. Should I just assume some clients will only make partial lookups and not worry about it?

Thanks in advance!


Kelson Vibber
SpeedGate Communications <www.speed.net>

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
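An added example, not part of the original post: a Python classifier for query names logged under `_spf.speed.net` that separates hits carrying a local part from IP-only hits and groups them by client IP, so an IP-only query can be matched against a full query from the same address. It assumes IPv4 senders and one query name per log entry; the function names and sample names are constructed for illustration.

```python
import ipaddress

ZONE = "_spf.speed.net"  # suffix taken from the record quoted in the post

def classify(qname):
    """Return (kind, local_part, ip); kind is 'user+ip', 'ip-only' or 'other'."""
    name = qname.rstrip(".").lower()
    if not name.endswith("." + ZONE):
        return ("other", None, None)
    labels = name[: -len(ZONE) - 1].split(".")
    if len(labels) < 4:
        return ("other", None, None)
    try:
        # An IPv4 %{i} expands to a dotted quad: the last four labels.
        ip = str(ipaddress.IPv4Address(".".join(labels[-4:])))
    except ValueError:
        return ("other", None, None)
    # Anything left of the address is the expanded local part. It may contain
    # dots (first.last) or be empty if the macro expanded to nothing.
    local = ".".join(labels[:-4])
    return ("user+ip", local, ip) if local else ("ip-only", None, ip)

def summarize(qnames):
    """Group hits by client IP: local parts seen, plus a count of IP-only hits."""
    by_ip = {}
    for q in qnames:
        kind, local, ip = classify(q)
        if kind == "other":
            continue
        entry = by_ip.setdefault(ip, {"users": set(), "ip_only": 0})
        if kind == "user+ip":
            entry["users"].add(local)
        else:
            entry["ip_only"] += 1
    return by_ip

def unattributed(by_ip):
    """IPs that only ever produced IP-only queries (no sender name recovered)."""
    return sorted(ip for ip, e in by_ip.items() if e["ip_only"] and not e["users"])

# Constructed sample query names (documentation address ranges, made-up users).
SAMPLE = [
    "kelson.192.0.2.10._spf.speed.net.",
    "192.0.2.10._spf.speed.net.",
    "first.last.198.51.100.7._spf.speed.net",
    "203.0.113.25._spf.speed.net",
    ".203.0.113.25._spf.speed.net",
    "www.speed.net",
]
```

An address that appears with both an IP-only and a full query is consistent with a client probing the shorter name first; addresses returned by `unattributed` are the ones whose sender cannot be recovered from the DNS log alone.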

