On Thu, 26 Aug 2004, AccuSpam wrote:
> Thus I still do not see how SPF can solve this kind of scenario I laid
> out when I started this thread:
>
> (1) In the scenario I described, the owner of the domain chooses *NOT* to
> set "-all" for his legitimate addresses, because the owner is not ready to
> follow the requirements for sending email when "-all" is set.
>
> (2) Yet spammers keep forging addresses (of *@domain) which are *NOT* the
> legitimate addresses (of *@domain), and the owner wants to set "-all" on
> *ALL* addresses (of *@domain) which are *NOT* the legitimate addresses
> (of *@domain).
>
> In other words, the owner of the domain wants to maintain the status quo
> with his legitimate addresses, but blacklist sending from addresses which
> the owner of the domain does not ever use.

example.com. IN TXT "v=SPF1 +mx redirect=%{l}._spf.example.com"
*._spf.example.com. IN TXT "v=SPF1 -all"
user._spf.example.com. IN TXT "v=SPF1 ?all"

If email came from user@example.com, the above records will cause an
undefined SPF lookup result (i.e. you can't make any assumptions on whether
the client is authorized to use that address or not). But if email came
from somebodyelse@example.com (in fact anything other than user@example.com)
then the result is a definite NO on whether the client IP is authorized.

Satisfied?
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net