spf-discuss

Re: SPF is not usable as legal measure against spammers.

2004-07-16 08:24:32
From: <administrator from yellowhead.com>
At 06:33 AM 7/16/2004 -0400, Stuart D. Gathman <stuart from bmsi.com>
wrote:

SPF, for one, demands that PTR's match the A record.  For that matter,
every internet application I've ever used ignores PTR records that do
not match any A record for the name.  Perhaps you know of some (made by
Microsoft?), but it is irrelevant since SPF specifically requires that
PTR records match with an A record for the name.

***************** REPLY SEPARATOR ******************
That's interesting, because it is a very common practice these days to
service many domains from one IP address (we currently service 10 virtual
email domains from one server). You can publish multiple PTR records, but
unfortunately there are many programs out there that only look at the
first one. Reliably matching up the PTR to the "A" record is virtually
impossible.


Short answer (it may be a little outdated; I've attempted to contact the
Microsoft ITG team during the last 2 months )-:

Error: 207.46.238.137 -> tide137.microsoft.com -> 212.157.154.42
Error: 131.107.3.73 -> tide69.microsoft.com  -> ??
Error: 131.107.3.74 -> tide74.microsoft.com  -> ??
Error: 131.107.3.79 -> tide79.microsoft.com  -> ??
Error: 131.107.3.84 -> tide84.microsoft.com  -> ??
Error: 131.107.3.85 -> tide85.microsoft.com  -> ??
Error: 131.107.3.86 -> tide86.microsoft.com  -> ??
Error: 131.107.3.92 -> tide92.microsoft.com  -> ??
Error: 207.46.228.4 -> gig3-0.iustsecurc1202.ntwk.msn.net  -> ??
Error: 207.46.238.124 -> gig0-0.tuk-72d-btd-1a.ntwk.msn.net  -> ??
Error: 207.46.238.125 -> gig0-0.tuk-72d-btd-1b.ntwk.msn.net  -> ??
Error: 207.46.238.132 -> gig3-6.iustsecurc6n02.ntwk.msn.net  -> ??
Error: 207.46.238.143 -> tide143.microsoft.com  -> ??
Error: 207.46.238.4 -> gig0-0.tuk-12f-btd-1b.ntwk.msn.net  -> ??

Scanning other Microsoft subnets can reveal additional wrong configurations.

Creating and maintaining correct PTR records is hard. Even for Microsoft
;-)



Because of some of those records, I've had to modify the tcpd daemon wrapper
settings on my server.

Read "Host name verification" section on

http://athena.fit.qut.edu.au/cgi-bin/man/man2html?tcpd

Tcpd blocked access from those misconfigured IPs.



Also, taking into account the number of different users on my servers, I'm
unable to list all names from A records as PTR record data.

I think that PTR record verification for email is wrong and unreliable.

In no way will I be able to list 50+ different names (to match the domain name)
in the PTR record for a single IP to satisfy this validation.



--
Andriy G. Tereshchenko
TAG Software
Odessa, Ukraine
http://www.24.odessa.ua
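
The PTR-to-A check discussed in this thread, as an added example that is not part of the original messages: it confirms every PTR name for an address against that name's A records (the forward-confirmed check that SPF's ptr mechanism performs, per RFC 7208 section 5.5) and contrasts it with testing only the first PTR. The PTR and A tables are constructed sample data using documentation addresses, and all function names are hypothetical.

```python
# Constructed sample data (documentation addresses, example names); not real DNS.
PTR = {
    "192.0.2.10": ["mail.hosting.example", "mx.customer-a.example"],
    "192.0.2.20": ["tide.corp.example"],   # name has no A record at all
    "192.0.2.30": ["gw.corp.example"],     # A record points at another address
}
A = {
    "mail.hosting.example": ["192.0.2.10"],
    "mx.customer-a.example": ["192.0.2.10"],
    "gw.corp.example": ["198.51.100.7"],
}

MAX_PTR_NAMES = 10  # RFC 7208 limits how many PTR names a checker evaluates


def _norm(name):
    """Compare DNS names case-insensitively and without a trailing dot."""
    return name.lower().rstrip(".")


def validated_names(ip, ptr=PTR, a=A, limit=MAX_PTR_NAMES):
    """Return every PTR name for ip whose A records include ip."""
    names = ptr.get(ip, [])[:limit]
    return [n for n in names if ip in a.get(_norm(n), [])]


def spf_ptr_match(ip, domain, ptr=PTR, a=A, limit=MAX_PTR_NAMES):
    """True if a validated name equals domain or is a subdomain of it."""
    domain = _norm(domain)
    for name in map(_norm, validated_names(ip, ptr, a, limit)):
        # The leading dot stops "evilcustomer-a.example" matching "customer-a.example".
        if name == domain or name.endswith("." + domain):
            return True
    return False


def classify(ip, ptr=PTR, a=A):
    """Label an address: 'no PTR', 'mismatch' (no PTR name confirms), or 'ok'."""
    if not ptr.get(ip):
        return "no PTR"
    return "ok" if validated_names(ip, ptr, a) else "mismatch"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.99"):
        print(ip, classify(ip), validated_names(ip))
```

Passing `limit=1` to `spf_ptr_match` reproduces the first-PTR-only behaviour mentioned above: the shared address then no longer matches `customer-a.example`, even though its second PTR name is correctly published.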