Re: Overly broad ip range in spf - think like a spammer2004-07-28 06:31:25John Keown wrote: Too many people are looking at spf records from the administrator eyes and not from the spammers eyes. That may be because many of us do not regard SPF as an anti-spam technology in the first place. But let's not go there again. First if I am a spammer I would scan domains spf records and look for domains that specify the entire internet space as valid spf range. Then I would create thousand of fake email addresses for this domain and send my spam using these domains. If I cannot find any domains with universal spf records I would then look for domains that have extremely large ip ranges in the spf records. I would use zombies from these ip ranges to send the spam with the fake return addresses. Therefore the domain with excessive ip ranges in the spf records are just asking to be used by the spammers. In fact if I was a spammer I would be on this list looking for domains that represent they need excessive ip ranges in the spf record and making a list. If you receive lots of spam which passes SPF checks for the sender domain, go right ahead and refuse mail from that domain. I can't see many people arguing against doing that. It *doesn't matter* how wide an IP range the SPF record for that domain allows. It just happens, partly for the reasons you have outlined, that such cases will probably be more frequent that cases with narrower SPF records. Paul.
|
|