spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: which DNS does SPF record belong in + macro question

2004-01-21 22:49:32
from [wayne] [Permanent Link] 
In <MHEGIFHMACFNNIMMBACAGEJLHEAA(_dot_)nobody(_at_)spamcop(_dot_)net> "Seth 
Goodman" <nobody(_at_)spamcop(_dot_)net> writes:


Interland's outgoing MX's are distinct from their web hosting clusters.  All
their MX's, incoming, outgoing and transfer, operate from the
registeredsite.com/14 netblock, not from anything related to the
Interland.com IP addresses.  A /14 netblock is so big that it is at best a
weak test for forgeries.  


Several things in semi-random order.

First off, a /14 isn't really that large.  More importantly, if any
Interland.com customer starts forging your domain name, I would hope
that Interland.com would be willing to do something about it.


That said, it appears that Interland.com has more than a /14.  Doing a
"dig interland.com" shows that their name servers are on 64.226.28.33,
64.77.127.42, and 69.0.145.33, which is quite a spread.

The best tool that I know of to figure this stuff is to use
senderbase.org.  If anyone knows a better tool, please let me know!

For example, a search on interland.com shows quite a few IP addresses
that send email.  See:
http://www.senderbase.org/search?searchString=interland.com

This shows only one IP address that is sending email within the
interland.com domain name.  However, it does list the network operator
of INTERLAND.  Clicking on that link or typing that name into the
search box yeilds:
http://www.senderbase.org/search?searchBy=organization&searchString=INTERLAND


From there, it appears that you are correct, most of the email is

coming from the domain name of registerdsite.com.  More over, it looks
like you are pretty safe with using ptr:atl.registeredsite.com and/or
ip4:64.224.219.0/24



Anyway, this is how I've been tracking down this kind of thing.  If
anyone has other techniques for figuring out random domain's *OUTPUT*
SMTP servers, please let me know!


-wayne



-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Re: step by step deploment, ty lammy
Next by Date:  Re: Re: step by step deploment, wayne
Previous by Thread:  RE: which DNS does SPF record belong in + macro question, Seth Goodman
Next by Thread:  RE: which DNS does SPF record belong in + macro question, Seth Goodman
Indexes:  [Date] [Thread] [Top] [All Lists]