At 02:28 PM 8/25/2004 +0200, Roger wrote:
> Shelby wrote:
> > As long as they do not use "exists" to specify specific users.
> > Using "exists" to specify users will tell a spammer which addresses to
> > spam and forge (because not every recipient will be SPF protected for
> > years).
>
> The SPF record of pamho.net uses "exists":
> v=spf1 exp=exp.pamho.net ip4:81.221.18.144/29 exists:%{l}.ses.pamho.org -all
> Now tell me what addresses the spammer can forge.

I had written above "to specify specific users", so I am referring to an
example such as the following, where users are enumerated:
| example.net IN SOA ...
| IN TXT "v=spf1 ?exists:%{l}.lp._spf.%{d2} -all"
| user1.lp._spf IN A 127.0.0.1
| user2.lp._spf IN A 127.0.0.1
| user3.lp._spf IN A 127.0.0.1
| user4.lp._spf IN A 127.0.0.1
In that case, you enumerate your valid email addresses on a domain to the
spammer.
I realize Meng was referring to "+all", but I was just making a point about the
general peril of enumerating users with "exists".
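
An added example, not part of the original message: a small audit that flags "exists" terms whose DNS lookup name is built from the sender's local part, using the enumerated-user record quoted above as input. The function names and the "user1" probe value are assumptions made for illustration, and the record alone cannot show whether the zone answers only for valid mailboxes, so each finding is a prompt to review the zone.

```python
import re

# SPF macros handled here (RFC 7208 section 7): l = local part, s = sender,
# d = current domain, o = sender domain. Other macro letters are left as-is.
MACRO_RE = re.compile(r"%\{([lsdoLSDO])(\d*)(r?)([.\-+,/_=]*)\}")
LOCAL_PART_MACROS = {"l", "s"}  # expansions that contain the mailbox name


def expand(spec, sender, domain):
    """Expand macros in a domain-spec for one sender address."""
    local, _, sender_domain = sender.rpartition("@")
    values = {"l": local, "s": sender, "d": domain, "o": sender_domain}

    def repl(m):
        letter, digits, reverse, delims = m.groups()
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter.lower()])
        if reverse:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]  # keep the right-most N labels
        return ".".join(parts)

    return MACRO_RE.sub(repl, spec)


def audit(record, domain, probe_local="user1"):
    """Return exists: terms whose DNS lookup name depends on the local part."""
    findings = []
    for term in record.split()[1:]:  # skip the v=spf1 version tag
        m = re.match(r"[+\-~?]?exists:(.+)$", term, re.IGNORECASE)
        if not m:
            continue
        letters = {g[0].lower() for g in MACRO_RE.findall(m.group(1))}
        if letters & LOCAL_PART_MACROS:
            name = expand(m.group(1), probe_local + "@" + domain, domain)
            findings.append((term, name))
    return findings


if __name__ == "__main__":
    # The enumerated-user record quoted in the message above.
    record = "v=spf1 ?exists:%{l}.lp._spf.%{d2} -all"
    for term, name in audit(record, "example.net"):
        print(term, "-> per-mailbox lookup, e.g.", name)
```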