spf-discuss

Re: Re[2]: Greeting Card sites catching on

2004-07-11 12:14:19
On Sun, 2004-07-11 at 09:11, Andrew G. Tereschenko wrote:
[James Couzens]
*.spftools.net. IN TXT "v=spf1 redirect=spftools.net"

As I've originally noted - this will not work if

www IN A 10.1.2.3
or
www6 IN AAAA 2001:1::80
or
mailme IN MX 10.2.3.4

will appear in DNS configuration.

nslookup -q=txt www
or
nslookup -q=txt www6
or
nslookup -q=txt mailme

will not return your wildcard.
You have to add IN TXT records for them manually (or modify DNS server
software).
A bunch of TXT records, IMHO.
Secondary servers requesting domain zone transfers will be unhappy ;-)

It works fine, perhaps not for the application apparently being
addressed in this conversation, so I was a little off topic.  That being
said, using wildcards is an easy way to deter spammers from making up
subdomains on your network that don't exist (I'm unsure if A) this even
happens and if B) there is any value).

This is what "best guess" is all about and why it's in libspf and a
number of other implementations.  You shouldn't have to publish for
anything more than legitimate services.  If you know your network and
you are worth your weight in salt then you shouldn't have too many
problems.  I'd love to see some good statistical data showing that this
particular area is being abused.

So.... if you are a greeting card or otherwise associated business, you
publish a few more records, no big deal, I don't think.  I believe the
good outweighs the bad.

As for secondary name servers requesting zone transfers, I can't see
them being unhappy, it's not like we're talking about a lot of
records....  And if we are, there are many people using rsync, which is a
healthy alternative to AXFR.

Cheers,

James

-- 
James Couzens,
Programmer
-----------------------------------------------------------------
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://gpg.mit.edu:11371/pks/lookup?op=get&search=0x6E0396B3
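
Added example, not part of the original message and not libspf code: a simplified model of DNS wildcard synthesis (RFC 4592, ignoring CNAME/DNAME and delegations) showing why the quoted names get no wildcard TXT answer, plus a check listing the names that need their own SPF record. The zone is constructed from the records quoted in the thread; the apex policy, the MX target, and the function names are assumptions.

```python
# Simplified RFC 4592 wildcard synthesis (no CNAME/DNAME/delegations).
ORIGIN = "spftools.net."
# Constructed zone: the wildcard and host records mirror the thread; the apex
# policy and the MX target are made up for the example.
ZONE = {
    "spftools.net.":        {"TXT": ["v=spf1 mx -all"]},
    "*.spftools.net.":      {"TXT": ["v=spf1 redirect=spftools.net"]},
    "www.spftools.net.":    {"A": ["10.1.2.3"]},
    "www6.spftools.net.":   {"AAAA": ["2001:1::80"]},
    "mailme.spftools.net.": {"MX": ["10 mx.example."]},
}

def existing_names(zone=ZONE, origin=ORIGIN):
    """Owner names plus any empty non-terminals between them and the origin."""
    names = set()
    for owner in zone:
        while owner != origin:
            names.add(owner)
            owner = owner.split(".", 1)[1]
    names.add(origin)
    return names

def lookup(qname, qtype, zone=ZONE, origin=ORIGIN):
    """Return (status, records) the way an authoritative server would answer."""
    if qname != origin and not qname.endswith("." + origin):
        raise ValueError("name is outside the zone")
    names = existing_names(zone, origin)
    if qname in names:                      # name exists: wildcard never applies
        rrs = zone.get(qname, {}).get(qtype, [])
        return ("NOERROR" if rrs else "NODATA", rrs)
    encloser = qname
    while encloser not in names:            # closest existing ancestor
        encloser = encloser.split(".", 1)[1]
    source = zone.get("*." + encloser)      # wildcard directly below it, if any
    if source is None:
        return ("NXDOMAIN", [])
    rrs = source.get(qtype, [])
    return ("NOERROR" if rrs else "NODATA", rrs)

def names_without_spf(zone=ZONE, origin=ORIGIN):
    """Existing names that need their own SPF TXT record."""
    def has_spf(name):
        return any(t.startswith("v=spf1") for t in zone.get(name, {}).get("TXT", []))
    return sorted(n for n in existing_names(zone, origin)
                  if not n.startswith("*.") and not has_spf(n))

if __name__ == "__main__":
    for q in ("www.spftools.net.", "nosuchhost.spftools.net.", "a.www.spftools.net."):
        print(q, lookup(q, "TXT"))
    print("publish SPF for:", names_without_spf())
```

Names below an existing host, such as a.www.spftools.net., are also outside the wildcard's reach, because the closest existing ancestor is www and no wildcard sits directly under it.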
