spf-discuss
[Top] [All Lists]

Re: *****SPAM***** Re: SPF is not usable as legal measure against spammers.

2004-07-15 14:29:41
On Thu, 15 Jul 2004, Nico Kadel-Garcia wrote:

But for example: let's say I target "aol.com" to allow me to send spam in
their name. I buy an address for which I get to publish the PTR, say
10.11.12.13. I set up a PTR record that calles this address
"spamsucker.mx.aol.com".

Voila, I am now able to slip past AOL's SPF records by having a PTR that
points to an mx.aol.com hostname. AOL will get cranky about it if they
notice me doing it, and ARIN will get upset about me creating a PTR to a
domain that I don't own, but there is nothing that demands that PTR's match
*ANY* of the A records for an IP address.

SPF, for one, demands that PTR's match the A record.  For that matter,
every internet application I've ever used ignores PTR records that do
not match any A record for the name.  Perhaps you known of some (made by
Microsoft?), but it is irrelevant since SPF specifically requires that PTR
records match with an A record for the name.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.


<Prev in Thread] Current Thread [Next in Thread>