spf-discuss

Re: how to protect the HELO using SPF

2004-02-25 12:49:12
--On Tuesday, February 24, 2004 15:51:12 -0600 wayne <wayne(_at_)midwestcs(_dot_)com> wrote:
> [...]
> On a somewhat related subject, it would be nice if you could mark SPF
> records as being valid for include: mechanisms only.  It is awfully
> tempting to use something like include:%{l}.spf.%{d}, and have that
> resolve to "v=spf1 +all" in some cases.  However, that opens up those
> subdomains for being abused.

Just use an underscore as part of the subdomain. There can be no valid hostnames with this subdomain and thus any attempt to abuse it by faking mail addresses in this subdomain will fail even the most superficial syntactic check.

Ralf
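
Added illustration, not part of the original message: the sketch below expands the include: target from the thread for a constructed sender and shows that the variant with an underscore label is still an ordinary DNS name for the SPF lookup but fails the letters-digits-hyphen host name rule (RFC 952 / RFC 1123). The `_spf` label, the sender address and the function names are assumptions, and only the %{l} and %{d} macros are handled.

```python
import re

# Host name rule (RFC 952 / RFC 1123): each label is letters, digits and
# hyphens only, does not start or end with a hyphen, and is 1-63 octets long.
_LDH_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def is_valid_hostname(name):
    """True if every label of `name` satisfies the host name rule."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(_LDH_LABEL.fullmatch(label) for label in name.split("."))


def expand_macros(spec, sender):
    """Expand %{l} (local-part) and %{d} (domain); other macros are left alone."""
    local, sep, domain = sender.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("sender must look like local@domain")
    return spec.replace("%{l}", local).replace("%{d}", domain)


def include_target(mechanism, sender):
    """Return the DNS name an include: mechanism points at for this sender."""
    prefix = "include:"
    if not mechanism.startswith(prefix):
        raise ValueError("not an include: mechanism")
    return expand_macros(mechanism[len(prefix):], sender)


def passes_sender_domain_syntax(dns_name):
    """Assumption: the receiver applies the host name rule to the part after '@'."""
    return is_valid_hostname(dns_name)


if __name__ == "__main__":
    sender = "alice@example.com"  # constructed sample address
    for mech in ("include:%{l}.spf.%{d}", "include:%{l}._spf.%{d}"):
        target = include_target(mech, sender)
        verdict = "usable" if passes_sender_domain_syntax(target) else "rejected"
        print(f"{mech:28} -> {target:26} as mail domain: {verdict}")
```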