spf-discuss

RE: SPF and Responsibility

2004-07-21 13:29:05
On Wed, 21 Jul 2004 terry(_at_)ashtonwoodshomes(_dot_)com wrote:

> Consider BIGISP.com, they have 1 mail server mail.bigisp.com
>
> Little company abc.com buys a DSL account from bigisp.com, and they setup
> their email to relay through mail.bigisp.com, and abc.com's spf record
> indicates mail.bigisp.com is the only mail server abc.com email comes from.

The SPF record should look like this:

v=spf1 ?a:mail.bigisp.com -all

This marks mail.bigisp.com as the only mail server abc.com email could
possibly come from.

It would be wrong, however, to mark mail.bigisp.com with a '+', for the
very reason you go on to present:

> Little company spammer.com buys a DSL account from bigisp.com.  He knows that
> abc.com is also using mail.bigisp.com by examining abc.com's spf record
> (that's why he bought the DSL account from bigisp.com).  Now he sends a spam,
> faking the from address as whatever(_at_)abc(_dot_)com targeting
> victim(_at_)spamtarget(_dot_)com

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
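The point of the exchange above is that a relay shared with other customers gives SPF nothing to distinguish abc.com's own mail from a forgery sent through the same host. The following is an added example, not code from the thread or from any SPF implementation: a minimal spf1 evaluator that understands only the `a:` and `all` mechanisms with the four qualifiers, backed by a constructed DNS table instead of real lookups. The relay IP `192.0.2.25`, the second domain `abc-plus.example` (which holds the `+a:` variant the reply argues against) and the unrelated sender `198.51.100.7` are all made up for the example.

```python
"""Minimal spf1 evaluator for the shared-relay scenario.

Added example for illustration; it is not the spf-discuss thread's code and
not a full SPF implementation. DNS is replaced by a constructed table.
"""

# Constructed A records. The relay's address is invented for this example.
A_RECORDS = {
    "mail.bigisp.com": {"192.0.2.25"},
}

# Constructed SPF records. abc.com carries the record recommended in the
# reply; abc-plus.example (a made-up domain) carries the '+' variant the
# reply says would be wrong for a relay shared with other customers.
SPF_RECORDS = {
    "abc.com": "v=spf1 ?a:mail.bigisp.com -all",
    "abc-plus.example": "v=spf1 +a:mail.bigisp.com -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_terms(record):
    """Split an spf1 record into (qualifier, mechanism, argument) triples."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an spf1 record")
    terms = []
    for term in parts[1:]:
        qualifier = "+"  # an unqualified mechanism means '+'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        terms.append((qualifier, mechanism.lower(), argument))
    return terms


def mechanism_matches(mechanism, argument, client_ip, domain):
    """Only 'a' and 'all' are supported; anything else is rejected."""
    if mechanism == "all":
        return True
    if mechanism == "a":
        host = argument or domain
        return client_ip in A_RECORDS.get(host, set())
    raise ValueError(f"unsupported mechanism: {mechanism}")


def check_host(client_ip, mail_from_domain):
    """Return the SPF result for a connection from client_ip claiming
    an envelope sender in mail_from_domain."""
    record = SPF_RECORDS.get(mail_from_domain)
    if record is None:
        return "none"
    for qualifier, mechanism, argument in parse_terms(record):
        if mechanism_matches(mechanism, argument, client_ip, mail_from_domain):
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no 'all' term was present


def shared_relay_results():
    """abc.com's own mail and a forgery by another bigisp customer both
    leave from the same relay IP, so the evaluator sees identical input
    for the two cases; only the published qualifier changes the verdict."""
    relay_ip = "192.0.2.25"
    elsewhere = "198.51.100.7"  # constructed: a host that is not the relay
    return {
        "neutral_record_via_relay": check_host(relay_ip, "abc.com"),
        "plus_record_via_relay": check_host(relay_ip, "abc-plus.example"),
        "neutral_record_elsewhere": check_host(elsewhere, "abc.com"),
        "plus_record_elsewhere": check_host(elsewhere, "abc-plus.example"),
    }


if __name__ == "__main__":
    for name, result in shared_relay_results().items():
        print(f"{name}: {result}")
```

Run as a script it shows the trade-off in the reply: with `?a:mail.bigisp.com` the relay yields `neutral` whether the message is abc.com's own or a forgery from another bigisp customer, while the `+a:` variant yields `pass` for both, and either record yields `fail` for a host that is not the relay. The `?` form therefore never vouches for mail the domain owner cannot vouch for, at the cost of never producing `pass` for its own mail either.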

