
RE: Can SPF identify wildcard domain forgery?

2004-08-26 18:08:25
Ok, I may be a little slow.

I have untrusted external SMTP servers (Comcast.net) with IP addresses
1.2.3.4 and 2.3.4.5.
I have set up a sub domain with:
        User1._spf1.watkins-home.com A 127.0.0.1
        User2._spf1.watkins-home.com A 127.0.0.1
        ...

My TXT record looks like this:
"v=spf1 ip4:1.2.3.4 ip4:2.3.4.5 exists:%{l}._spf1.watkins-home.com -all"

I don't want to allow email from any other IP address.
What prefix should I use for the 2 ip4 directives?  And why?
I don't think the prefix can be + since that would pass without needing the
exists directive.
- would just fail.

My guess...
If the email came from 1 of the 2 IP addresses, the "exists" directive would
have no effect.  So, anyone using these 2 servers could fake any email
address from Watkins-home.com.

If the email did not come from one of the 2 IP addresses, then only valid
email addresses could be faked.

Maybe we need an "and" directive, so that 2 or more directives must be true?

Thanks,
Guy

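As an added illustration (not code from this thread), a minimal evaluator for the record in the message above, run against a constructed stub that stands in for the `_spf1.watkins-home.com` zone. It shows why the ip4 mechanisms short-circuit the exists check: SPF takes the first matching mechanism, so there is no "and".

```python
import ipaddress

# Constructed stand-in for the _spf1.watkins-home.com zone in the post:
# only these names have A records, so "exists:" matches only for them.
ZONE_NAMES = {"user1._spf1.watkins-home.com", "user2._spf1.watkins-home.com"}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def dns_a_exists(name: str) -> bool:
    """Stub A-record lookup against the constructed zone (no real DNS)."""
    return name.lower() in ZONE_NAMES

def check_spf(record: str, client_ip: str, local_part: str) -> str:
    """Evaluate the SPF subset the post uses: ip4, exists (with %{l}) and all.
    Mechanisms are tried left to right and the FIRST one that matches decides
    the result through its qualifier; nothing requires two mechanisms to match
    at once, which is the "and" the post is asking for.
    """
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "exists":
            matched = dns_a_exists(arg.replace("%{l}", local_part))
        elif mech == "all":
            matched = True
        else:
            raise ValueError(f"unsupported mechanism: {mech}")
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # no mechanism matched: SPF's default result

# The record from the post, verbatim.
RECORD = "v=spf1 ip4:1.2.3.4 ip4:2.3.4.5 exists:%{l}._spf1.watkins-home.com -all"

if __name__ == "__main__":
    # From a listed IP, ip4 matches before exists is consulted, so even a
    # local part with no A record gets "pass": the forgery the post describes.
    print(check_spf(RECORD, "1.2.3.4", "nobody"))   # pass
    # From any other IP only a local part that exists in the zone passes.
    print(check_spf(RECORD, "9.9.9.9", "user1"))    # pass
    print(check_spf(RECORD, "9.9.9.9", "nobody"))   # fail
```

Swapping the qualifier on the ip4 terms does not help either: "-ip4:1.2.3.4" makes every message from that server fail before exists is reached, which is the behaviour the post predicts.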


-----Original Message-----
From: owner-spf-discuss@v2.listbox.com
[mailto:owner-spf-discuss@v2.listbox.com] On Behalf Of Roger Moser
Sent: Thursday, August 26, 2004 4:11 PM
To: spf-discuss@v2.listbox.com
Subject: [spf-discuss] Can SPF identify wildcard domain forgery?

Shelby wrote:

If yes, then a spammer can do the same thing.  It is not the same as
handing the spammer a list, but it is another way to query for existent
addresses, which has the following drawbacks:

Of course if you have "exists:%{l}.spf.example.com" in your SPF record, then
(1) you must prevent everyone from reading the names of the subdomains from
your name server (that means you must disable zone transfers) and
(2) you must be prepared for a dictionary attack.

Otherwise don't use "exists:%{l}.spf.example.com".

Roger
