On Fri, 19 Mar 2004, Lyndon Eaton wrote:
They don't have an SPF record so people using only SPF are
still accepting the offending mail, presumably.
...
OTOH some people are _already_ rejecting this mail without
needing to wait for anything new. For example, this is what
happens if you try to send it to me...
220-pentafluge.infradead.org ESMTP Exim 4.30 Fri, 19 Mar 2004 16:47:01 +0000
220 Be gentle with me
helo me
250 pentafluge.infradead.org Hello me [2002:c35c:f9fc::1]
mail from:<martyn(_dot_)cattermole(_at_)assetz(_dot_)com>
250 OK
rcpt to:<dwmw2(_at_)infradead(_dot_)org>
550-Verification failed for <martyn(_dot_)cattermole(_at_)assetz(_dot_)com>
550-Called: 212.53.64.41
550-Sent: RCPT TO:<martyn(_dot_)cattermole(_at_)assetz(_dot_)com>
550-Response: 550 unknown user
550 Sender verify failed
How does that work?
They are contacting an MX server for assetz.com, and checking if the
purported user really exists.
Another approach is to 'guess' when SPF returns 'none'. Guess is a heuristic
that pretends the sending domain has a generic SPF record. For example,
since assetz.com doesn't publish an SPF, you might pretend that
they published "V=spf1 a ptr mx -all". More generous versions accept
IPs in the same /24 subnet as an IP derived from A, PTR, and MX.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Very few of our customers are going to have a pure Unix
or pure Windows environment." - Dennis Oldroyd, Microsoft Corporation
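
The "guess" heuristic described in the message above, as an added example that is not part of the original post or of any SPF implementation. The DNS table, the function names and the `prefix` parameter are constructed for illustration, using reserved documentation names and address ranges.

```python
import ipaddress

# Constructed DNS data (assumption): stands in for live lookups so this runs offline.
DNS = {
    "TXT": {"published.test": ["v=spf1 -all"]},
    "A": {"example.test": ["192.0.2.10"],
          "mail.example.test": ["192.0.2.25"],
          "out.example.test": ["203.0.113.7"]},
    "MX": {"example.test": ["mail.example.test"]},
    "PTR": {"203.0.113.7": ["out.example.test"],
            "198.51.100.9": ["example.test"]},  # PTR claims the domain, no A confirms it
}

def lookup(rtype, name):
    return DNS[rtype].get(name.lower(), [])

def has_spf(domain):
    # Version tag compared case-insensitively, so "V=spf1" also counts.
    return any(t.lower().split()[:1] == ["v=spf1"] for t in lookup("TXT", domain))

def guess_spf(ip, domain, prefix=32):
    """Evaluate the pretend record "v=spf1 a ptr mx -all" when SPF would return 'none'.

    prefix=24 is the more generous variant: an IP in the same /24 as an
    address derived from A or MX also passes.
    """
    if has_spf(domain):
        return "published"  # a real record exists; evaluate that, do not guess
    client = ipaddress.ip_address(ip)

    def near(addrs):
        return any(client in ipaddress.ip_network(f"{a}/{prefix}", strict=False)
                   for a in addrs)

    if near(lookup("A", domain)):                        # a
        return "pass"
    for name in lookup("PTR", ip):                       # ptr
        in_domain = name == domain or name.endswith("." + domain)
        # The reverse name only counts if it resolves forward to the client IP.
        if in_domain and ip in lookup("A", name):
            return "pass"
    if any(near(lookup("A", mx)) for mx in lookup("MX", domain)):  # mx
        return "pass"
    return "fail"                                        # -all
```

The forward confirmation in the `ptr` step is what keeps a sender who controls their own reverse DNS from passing the guess by naming the victim domain in a PTR record.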