On Tue, Feb 03, 2004 at 07:51:31PM -0500, Marc Alaia wrote:
|
| Is there a way to differentiate between a domain not having a TXT record and
| not existing at all?
|
| For example, if an email comes in that is from user(_at_)example(_dot_)com,
| but example.com does not exist or does not make sense (I just got 5 messages
| from "UEXSVBPD(_at_)eager farmington current paper controversy nostradamus
| eastern demon aug mckenna berra shipmate thunderstorm microbial credential
| counterfeit trapezoidal coerce" as reported by my SPF Proxy log). To me,
| this is about the same as an explicit SPF Fail. If the domain is not
| registered, then the email cannot come from that domain!
|
| Since SPF does not address this scenario (right?), couldn't spammers just
| use non-existent domains?

Everybody should check for A and MX before doing SPF. In Postfix, this
rule is called reject_unknown_sender_domain.

See http://www.postfix.org/uce.html#smtpd_sender_restrictions

  reject_unknown_sender_domain
    Reject the request when the sender mail address has no DNS A or MX
    record. The unknown_address_reject_code parameter specifies the response
    code for rejected requests (default: 450). The response is always 450 in
    case of a temporary DNS error.

This is another one everybody should check:

  reject_non_fqdn_sender
    Reject the request when the address in the client MAIL FROM command is
    not in fully-qualified domain form. The non_fqdn_reject_code specifies
    the response code to rejected requests (default: 504).

As SPF becomes more popular, I expect people to also check RHSBLs before
doing SPF.

  reject_rhsbl_sender domain.tld
    Reject the request when the sender mail address domain is listed with an
    A record under domain.tld. The maps_rbl_reject_code parameter specifies
    the response code for rejected requests (default: 554), the
    default_rbl_reply parameter specifies the default server reply, and the
    rbl_reply_maps parameter specifies tables with server replies indexed by
    RBL domain.

If the spammer is using SPF, he'll be in the RHSBL already so no need to
even test SPF.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
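
Added example, not part of the original messages and not Postfix code: a simplified offline model of the check order described in the reply above (FQDN form, then A/MX existence, then RHSBL, then SPF), showing how a nonexistent domain is told apart from an existing domain with no TXT record. The function name, verdict strings, and DNS tables are hypothetical and constructed; the reply codes are the defaults quoted in the reply.

```python
import re

# Simplified model of the pre-SPF sender checks; DNS is replaced by constructed tables.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
FQDN = re.compile(rf"^{LABEL}(?:\.{LABEL})+$")

# Constructed sample data (not real lookups). A domain missing from ZONES models
# NXDOMAIN; a value of None models a temporary DNS error (SERVFAIL or timeout).
ZONES = {
    "example.org": {"MX": ["mail.example.org"], "TXT": ["v=spf1 mx -all"]},
    "nospf.example": {"A": ["192.0.2.10"]},      # exists, publishes no TXT
    "listed.example": {"A": ["192.0.2.20"], "TXT": ["v=spf1 +all"]},
    "flaky.example": None,
}
RHSBL = {"listed.example"}  # constructed: domains with an A record under the RHSBL zone


def check_sender(mail_from, zones=ZONES, rhsbl=RHSBL):
    """Return (smtp_code, verdict); smtp_code 0 means the message proceeds."""
    local, _, domain = mail_from.rpartition("@")
    domain = domain.lower().rstrip(".")
    # reject_non_fqdn_sender (default code 504)
    if not local or not FQDN.match(domain):
        return 504, "non-fqdn"
    # reject_unknown_sender_domain (default code 450, also used for DNS errors)
    if domain not in zones:
        return 450, "nxdomain"
    records = zones[domain]
    if records is None:
        return 450, "dns-temp-error"
    if not (records.get("A") or records.get("MX")):
        return 450, "no-a-or-mx"
    # reject_rhsbl_sender (default code 554): checked before SPF is evaluated
    if domain in rhsbl:
        return 554, "rhsbl-listed"
    # The domain exists: a missing TXT record now means "no SPF policy", not "no domain"
    if not any(t.startswith("v=spf1") for t in records.get("TXT", [])):
        return 0, "exists-no-spf"
    return 0, "evaluate-spf"


if __name__ == "__main__":
    for sender in ("user@example.org", "user@nospf.example", "user@unregistered.example",
                   "user@flaky.example", "user@listed.example",
                   "UEXSVBPD@eager farmington current paper"):
        print(sender, "->", check_sender(sender))
```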