John Keown wrote:
Below you can all see the SPF records published by surgeweb.com. This is an
example of the good intentions of a mail administrator trying to do the right
thing but lacking an understanding of the internet and IP space. You can see
that the SPF records for IP are incorrect. They did not specify a boundary
when describing the class C range. They used .1 not .0. I have sent 2 emails
to the postmaster informing him of his error and either he did not receive the
emails, just ignored them, or feels he is correct in his notation.
The end result is his SPF records are useless as they do not parse
properly.

v=spf1 ip4:216.65.64.1/24 ip4:216.65.3.1/24 a:send1.surgeweb.com mx -all

Not totally useless as it happens.
I've just had a spammer try to deliver a mail via several different open
proxies/compromised hosts as follows:
Open proxy       Envelope Sender                                  SPF record
213.186.34.52    pegging(_at_)backtomyplace(_dot_)com             v=spf1 ip4:216.65.64.1/24 ip4:216.65.3.1/24 a:send1.surgeweb.com mx -all
211.169.249.106  moderns(_at_)animal-act(_dot_)com                v=spf1 ip4:216.65.64.1/24 ip4:216.65.3.1/24 a:send1.surgeweb.com mx -all
211.169.249.106  engineering(_at_)ilovebanging(_dot_)com          v=spf1 ip4:216.65.64.1/24 ip4:216.65.3.1/24 a:send1.surgeweb.com mx -all
220.95.231.150   oratory(_at_)the-house-of-commons(_dot_)com      v=spf1 ip4:216.65.64.1/24 ip4:216.65.3.1/24 a:send1.surgeweb.com mx -all
213.186.34.52    plausible(_at_)norbertcolon(_dot_)com            v=spf1 ip4:216.65.64.1/24 ip4:216.65.3.1/24 a:send1.surgeweb.com mx -all
213.186.34.52    unties(_at_)ankle-biter(_dot_)com                v=spf1 ip4:216.65.64.1/24 ip4:216.65.3.1/24 a:send1.surgeweb.com mx -all
213.186.34.52    genres(_at_)the-end-is-nigh(_dot_)com            v=spf1 ip4:216.65.64.1/24 ip4:216.65.3.1/24 a:send1.surgeweb.com mx -all
211.169.249.106  molests(_at_)silly-old-moo(_dot_)com             v=spf1 ip4:216.65.64.1/24 ip4:216.65.3.1/24 a:send1.surgeweb.com mx -all
202.101.18.176   unmasked(_at_)i-love-cambridge-united(_dot_)com  v=spf1 ip4:216.65.64.1/24 ip4:216.65.3.1/24 a:send1.surgeweb.com mx -all
213.186.34.52    temptress(_at_)three-iron(_dot_)com              v=spf1 ip4:216.65.64.1/24 ip4:216.65.3.1/24 a:send1.surgeweb.com mx -all
Since the milter I'm using *was* able to parse these records properly as per
the SPF spec., my server was able to reject all of these mails. After that,
the spammer (who really does seem to like surgeweb's domains) gave up.
Paul.
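
Added example, not part of either message and not the milter's own code: an SPF ip4 mechanism is compared against the connecting address under the prefix mask, so 216.65.64.1/24 matches the same hosts as 216.65.64.0/24, while a strict CIDR parser refuses it. The function names are hypothetical, and the a and mx mechanisms are assumed not to match because the example runs without DNS.

```python
import ipaddress

# SPF record exactly as quoted in the message above.
RECORD = "v=spf1 ip4:216.65.64.1/24 ip4:216.65.3.1/24 a:send1.surgeweb.com mx -all"
# Connecting addresses from the table in the message above.
PROXIES = ["213.186.34.52", "211.169.249.106", "220.95.231.150", "202.101.18.176"]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def split_qualifier(term):
    """Return (result, mechanism); a missing qualifier means '+' (pass)."""
    if term[0] in QUALIFIERS:
        return QUALIFIERS[term[0]], term[1:]
    return "pass", term


def strict_parse_ok(cidr):
    """True only if cidr is a network address with no host bits set."""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return True
    except ValueError:
        return False


def check_host_ip4(record, client_ip):
    """Evaluate the ip4 and all terms of an SPF record, left to right.

    Assumption: DNS-based terms (a, mx, ...) are skipped as non-matching,
    because this example runs offline.
    """
    client = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:          # skip the v=spf1 version tag
        result, mech = split_qualifier(term)
        name, _, arg = mech.partition(":")
        if name.lower() == "ip4":
            # strict=False masks off host bits, so .1/24 behaves like .0/24.
            if client in ipaddress.ip_network(arg, strict=False):
                return result
        elif name.lower() == "all":
            return result
    return "neutral"                         # nothing matched, no 'all' term


if __name__ == "__main__":
    print("strict parse of 216.65.64.1/24 ok:", strict_parse_ok("216.65.64.1/24"))
    for ip in PROXIES + ["216.65.64.200"]:   # last address is a constructed sample
        print(ip, check_host_ip4(RECORD, ip))
```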