"Mark Shewmaker" <mark(_at_)primefactor(_dot_)com> wrote:
Then if someone forges mail from their own IP address:
o The spf tests for mail froms of "user(_at_)example(_dot_)com" return FAIL.
o But the spf tests for mail froms of "user(_at_)support(_dot_)example(_dot_)com"
will return UNKNOWN, (even though support.example.com doesn't
exist and a "host support.example.com" returns NXDOMAIN.)
--Guillaume Filion <gfk(_at_)logidac(_dot_)com> wrote:
It's already a good idea to reject with a temporary error email with an
inexistent FROM domain. That's what I do, and it stops a lot of junk.
What he said. Also, sendmail default config out of the box is to reject
any mail from a nonexistent domain, since it could not be replied to or
bounced, it is assumed to be bogus.
I think it's pretty normal to issue a 5xx permanent rejection if the answer
was "this really doesn't exist" and is authoritative (NXDOMAIN) and a 4xx
temporary rejection if the DNS server was unreachable or similar.
It sort of sucks that you have to define SPF TXT records for everywhere you
have an MX or A already, but at least we don't have to worry much about
non-existent names. Essentially DNS already supports testing those for
validity without having to invent SPF.
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
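Added example, not part of the original message or of sendmail: a sketch of the policy discussed above, mapping the DNS answers for the MAIL FROM domain to a 5xx reply on NXDOMAIN and a 4xx reply when the lookup itself failed. The function names, reply texts, the header-only sample packets and the handling of a name with neither MX nor A are assumptions; AAAA is not considered.

```python
import struct

NOERROR, SERVFAIL, NXDOMAIN = 0, 2, 3  # DNS RCODE values (RFC 1035)

def make_response(rcode, ancount):
    """Constructed sample: a bare 12-byte DNS response header (QR, RD, RA set)."""
    return struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, ancount, 0, 0)

def parse_header(packet):
    """Return (rcode, answer_count), or None for a timeout or unusable reply."""
    if packet is None or len(packet) < 12:
        return None
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    if not flags & 0x8000:          # QR bit clear: this is not a response
        return None
    return flags & 0x000F, ancount

def sender_domain_verdict(mx_reply, a_reply):
    """Map the MX and A lookups for the MAIL FROM domain to an SMTP reply."""
    temp = (451, "4.4.3 sender domain lookup failed, try again later")
    gone = (550, "5.1.8 sender domain does not exist")
    mx = parse_header(mx_reply)
    if mx is None or mx[0] not in (NOERROR, NXDOMAIN):
        return temp                 # unreachable, SERVFAIL, REFUSED, ...
    if mx[0] == NXDOMAIN:
        return gone                 # definitive "this really doesn't exist"
    if mx[1] > 0:
        return (250, "2.1.0 sender ok")
    # Name exists but has no MX: fall back to its A record.
    a = parse_header(a_reply)
    if a is None or a[0] not in (NOERROR, NXDOMAIN):
        return temp
    if a[0] == NOERROR and a[1] > 0:
        return (250, "2.1.0 sender ok")
    # Assumption: no MX and no A means no reply path, so reject permanently.
    return gone

if __name__ == "__main__":
    # Constructed cases: (MX reply, A reply); None stands for a timeout.
    cases = {
        "support.example.com (NXDOMAIN)": (make_response(NXDOMAIN, 0), None),
        "resolver unreachable": (None, None),
        "A record only": (make_response(NOERROR, 0), make_response(NOERROR, 1)),
    }
    for label, (mx, a) in cases.items():
        print(label, "->", sender_domain_verdict(mx, a))
```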