spf-discuss

Re: Overly broad ip range in spf - think like a spammer

2004-07-28 06:30:30
I forecast that there will actually be very few domains publishing
such broad spf records. Therefore, spammers will necessarily use
these same domains over and over, thus ending up on the blacklists. That'll
make those who publish such spf records think about maybe getting their setup
more aimed at preventing spam instead of opening up to all the world to
be abused. What you're basically saying with "v=spf1 +all", "v=spf1 ?all" or
something of the like is 'rape me! abuse me!'.

I think this is a non-issue...


On Wed, Jul 28, 2004 at 09:19:17AM -0400, John Keown wrote:
   Too many people are looking at spf records from the administrator's eyes
   and not from the spammer's eyes.

   First, if I am a spammer I would scan domains' spf records and look for
   domains that specify the entire internet space as valid spf range.
   Then I would create thousands of fake email addresses for this domain
   and send my spam using these domains.

   If I cannot find any domains with universal spf records I would then
   look for domains that have extremely large ip ranges in the spf
   records. I would use zombies from these ip ranges to send the spam
   with the fake return addresses.

   Therefore the domains with excessive ip ranges in the spf records are
   just asking to be used by the spammers.

   In fact if I was a spammer I would be on this list looking for domains
   that represent they need excessive ip ranges in the spf record and
   making a list.


   Sincerely
   ------------------------------------------------------------
   John D. Keown, CEO



   NuNet, Inc.
   7535 Windsor Dr   Suite A305
   Allentown, PA 18195



   Local: (610) 289-6500 - Toll-Free: 888-NuNet-Me Ext. 2000
     _________________________________________________________________

   Sender Policy Framework: [1]http://spf.pobox.com/
   Archives at [2]http://archives.listbox.com/spf-discuss/current/
   Send us money! [3]http://spf.pobox.com/donations.html
   To unsubscribe, change your address, or temporarily deactivate your
   subscription, please go to
   http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

References

   1. http://spf.pobox.com/
   2. http://archives.listbox.com/spf-discuss/current/
   3. http://spf.pobox.com/donations.html

-- 
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
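
An added example, not part of the original post or of any SPF project's code: a small auditor a domain owner could run over their own published record to catch the patterns discussed above ("+all", "?all", and very wide ip4 ranges). The function name, the /16 threshold and the sample records are assumptions made for illustration.

```python
import ipaddress

# Assumed threshold for illustration: flag any single ip4 range wider than a /16.
MAX_IP4_ADDRESSES = 2 ** 16

def audit_spf(record):
    """Return a list of findings for one SPF TXT record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF version 1 record"]
    findings = []
    for term in terms[1:]:
        # A mechanism without an explicit qualifier defaults to "+" (pass).
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all" and qualifier == "+":
            findings.append("+all: every host on the Internet passes")
        elif name == "all" and qualifier == "?":
            findings.append("?all: neutral result, unlisted hosts are not rejected")
        elif name == "ip4" and qualifier == "+":
            try:
                # strict=False accepts ranges whose host bits are set.
                net = ipaddress.IPv4Network(value, strict=False)
            except ValueError:
                findings.append("ip4:%s: not a valid IPv4 network" % value)
                continue
            if net.num_addresses > MAX_IP4_ADDRESSES:
                findings.append("ip4:%s: authorizes %d addresses"
                                % (value, net.num_addresses))
    return findings

# Constructed sample records using documentation and benchmarking address space.
SAMPLES = {
    "tight.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "open.example": "v=spf1 +all",
    "wide.example": "v=spf1 ip4:198.18.0.0/15 ?all",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(domain, audit_spf(record) or "ok")
```
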
