spf-discuss

Re: Using exists: to find remote senders?

2004-01-06 18:29:11
I have had good results with this:
+exists:CL.%{i}.FR.%{s}.HE.%{h}.null.spf.mydomain.com

Results look like this:
06-Jan-2004 16:17:44.424 queries: XX /12.161.104.2/CL.24.92.55.231.FR.4JAs2penelopePrJfC\@mydomain.com.HE.null.spf.altavista.com/A/IN

I have had sketchy results with %{h} (helo) but the from address %{s} is pretty consistent...

Good luck


--On Tuesday, January 06, 2004 12:09 PM -0800 Kelson Vibber <kelson(_at_)speed(_dot_)net> wrote:

We recently published SPF records for several domains we host.  A scheme
of this sort that's actually at the "Let's encourage people to try it out"
stage was very attractive, since spammers have started forging our
primary domain name.  A lot.

Chances are good some of our users are sending through other ISPs, so
we're not ready to add "-all" to the record just yet.  Yesterday I
implemented the method suggested by the FAQ to find remote users.  Our
record currently ends with "exists:%{u}.%{i}._spf.speed.net ?all".

In the day since we turned this on, we've had 6 hits, but only two have
actually included the username.  The rest only show up as queries for
ipaddress._spf.speed.net.  We can't tell whether those other messages
were from valid remote users or from spammers.

My guesses:

- Some SPF implementations don't expand %{u}
- Some SPF implementations will only expand one macro per query
- Some SPF implementations will do multi-step exists: lookups (i.e. make
sure %{i}._spf.speed.net exists before trying %{u}.%{i}._spf.speed.net)
- Mail with just @speed.net as the envelope sender is getting handed to SPF
instead of being rejected for having a malformed address.
- I have configured something wrong.

So I've got a couple of questions:
1. Is right before "?all" the right place to put exists: for these
purposes?
2. Should I create a wildcard under _spf.speed.net and change
it to "?exists:"?
3. Should I just assume some clients will only make
partial lookups and not worry about it?

Thanks in advance!


Kelson Vibber
SpeedGate Communications <www.speed.net>

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡



--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
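
An added example, not part of either message: a Python sketch that builds the query name for the `CL.%{i}.FR.%{s}.HE.%{h}` layout above and decodes matching query-log lines back into resolver, client IP, sender and HELO. It assumes IPv4, plain macros with no transformers, and the log layout of the sample line on this page; the addresses and sample lines are constructed.

```python
import re

# Record layout from the message above; mydomain.com is the poster's placeholder.
TEMPLATE = "CL.%{i}.FR.%{s}.HE.%{h}.null.spf.mydomain.com"
ZONE = "null.spf.mydomain.com"

def expand(template, ip, sender, helo):
    """Expand plain %{i}, %{s}, %{h} only (assumption: no transformers, IPv4)."""
    values = {"i": ip, "s": sender, "h": helo}
    return re.sub(r"%\{([ish])\}", lambda m: values[m.group(1)], template)

# Log layout taken from the sample on the page: "queries: XX /<resolver>/<name>/A/IN"
LINE_RE = re.compile(r"queries: \S+ /(?P<resolver>[^/]+)/(?P<qname>.+)/A/IN$")
QNAME_RE = re.compile(
    r"^CL\.(?P<client>\d{1,3}(?:\.\d{1,3}){3})"
    r"\.FR\.(?P<sender>.+?)"
    r"\.HE\.(?:(?P<helo>.+)\.)?" + re.escape(ZONE) + r"\.?$",
    re.IGNORECASE,
)

def decode(line):
    """Return resolver, client IP, sender and HELO from one log line, or None."""
    lm = LINE_RE.search(line.strip())
    qm = QNAME_RE.match(lm.group("qname")) if lm else None
    if not qm:
        return None  # not a query log line, or not a name built from TEMPLATE
    return {
        "resolver": lm.group("resolver"),  # who asked: the receiving side's DNS
        "client": qm.group("client"),      # %{i}: the host that sent the mail
        "sender": qm.group("sender").replace("\\@", "@"),  # log shows '@' as '\@'
        "helo": qm.group("helo"),  # None when no HELO label is present
    }

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    "06-Jan-2004 16:17:44.424 queries: XX /198.51.100.7/"
    + expand(TEMPLATE, "192.0.2.10", "alice\\@mydomain.com", "mail.example.net")
    + "/A/IN",
    "06-Jan-2004 16:18:02.101 queries: XX /198.51.100.7/"
    "CL.192.0.2.44.FR.bob\\@mydomain.com.HE.null.spf.mydomain.com/A/IN",
    "06-Jan-2004 16:18:09.730 queries: XX /198.51.100.7/www.mydomain.com/A/IN",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(decode(entry))
```

The fixed `CL`/`FR`/`HE` labels are what make a missing field visible in the log, which a bare `%{u}.%{i}` layout cannot show.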


