spf-discuss

RE: Can SPF identify wildcard domain forgery?

2004-08-27 07:09:53
Roger,
        I like your answer.  With your recommendations I should be able to
stop forgery of my email.  Even with un-trusted SMTP servers.  Assuming
everyone else uses my SPF records.  But!

Comcast.net has 6 SMTP servers that I know of!
Letting DNS do the "and" gives me lots of records to add to DNS.  Ouch.
Number of users times number of SMTP servers.  I can write a script.

Roger said:
"
Or you could have the following records (less recommended):

"v=spf1 -exists:%{l}._spf1.watkins-home.com ip4:1.2.3.4 ip4:2.3.4.5 -all"
*._spf1.watkins-home.com        A       127.0.0.1
User1._spf1.watkins-home.com    TXT     ""
User2._spf1.watkins-home.com    TXT     ""
...
"

Could you explain this more?
And, does this depend on a feature of DNS or a bug?

Thanks,
Guy


-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Roger Moser
Sent: Friday, August 27, 2004 2:59 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Can SPF identify wildcard domain forgery?

Guy wrote:

Maybe we need an "and" directive, so that 2 or more directives must be
true?

You can do the "and" at your DNS server. To allow only User1, User2, etc. to
send mail only through 1.2.3.4 or 2.3.4.5, set up the following records:

"v=spf1 exists:%{l}.%{i}._spf1.watkins-home.com -all"
User1.1.2.3.4._spf1.watkins-home.com    A       127.0.0.1
User1.2.3.4.5._spf1.watkins-home.com    A       127.0.0.1
User2.1.2.3.4._spf1.watkins-home.com    A       127.0.0.1
User2.2.3.4.5._spf1.watkins-home.com    A       127.0.0.1
...

Or you could have the following records (less recommended):

"v=spf1 -exists:%{l}._spf1.watkins-home.com ip4:1.2.3.4 ip4:2.3.4.5 -all"
*._spf1.watkins-home.com        A       127.0.0.1
User1._spf1.watkins-home.com    TXT     ""
User2._spf1.watkins-home.com    TXT     ""
...

Roger
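
Added example (not part of the original thread and not code from the SPF project): a small Python model of how a receiving server would evaluate the two record sets quoted above. It assumes the standard DNS wildcard rule (a wildcard is not used for a name that already exists in the zone with any record type), models only the `exists`, `ip4` and `all` mechanisms with the `%{l}` and `%{i}` macros, and uses constructed zone data and sender addresses.

```python
import ipaddress

# Constructed zone data, taken from the records quoted in the thread.
# DNS names are case-insensitive, so they are stored in lower case.
ZONE_AND = {f"{u}.{ip}._spf1.watkins-home.com": {"A": "127.0.0.1"}
            for u in ("user1", "user2") for ip in ("1.2.3.4", "2.3.4.5")}
ZONE_WILD = {"*._spf1.watkins-home.com": {"A": "127.0.0.1"},
             "user1._spf1.watkins-home.com": {"TXT": ""},
             "user2._spf1.watkins-home.com": {"TXT": ""}}
SPF_AND = "v=spf1 exists:%{l}.%{i}._spf1.watkins-home.com -all"
SPF_WILD = "v=spf1 -exists:%{l}._spf1.watkins-home.com ip4:1.2.3.4 ip4:2.3.4.5 -all"
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def query_a(zone, name):
    """True if an A query for `name` returns at least one record."""
    name = name.lower()
    if name in zone:  # the name exists (any type): no wildcard synthesis
        return "A" in zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):  # walk up to the closest enclosing name
        parent = ".".join(labels[i:])
        if "*." + parent in zone:
            return "A" in zone["*." + parent]
        if parent in zone:
            break
    return False

def check(spf, zone, sender, ip):
    """Evaluate the SPF terms left to right; the first match decides."""
    local = sender.rsplit("@", 1)[0]
    for term in spf.split()[1:]:  # skip "v=spf1"
        qual = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            hit = True
        elif mech.startswith("ip4:"):
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(mech[4:])
        elif mech.startswith("exists:"):
            target = mech[7:].replace("%{l}", local).replace("%{i}", ip)
            hit = query_a(zone, target)
        else:
            raise ValueError(f"mechanism not modelled: {mech}")
        if hit:
            return RESULT[qual]
    return "neutral"

if __name__ == "__main__":
    for who, ip in [("User1@watkins-home.com", "1.2.3.4"), ("User1@watkins-home.com", "9.9.9.9"), ("forged@watkins-home.com", "1.2.3.4")]:
        print(who, ip, check(SPF_AND, ZONE_AND, who, ip), check(SPF_WILD, ZONE_WILD, who, ip))
```

In the second record set the empty TXT records do their work only by making the name exist: the A query for a listed user then returns no data, so `-exists` does not match and evaluation falls through to the `ip4` terms.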
