spf-discuss

RE: Can SPF identify wildcard domain forgery?

2004-08-27 08:16:16
Roger,
        Thanks for the response.  I understand now.

BTW, Comcast has these SMTP servers:
ip4:204.127.198.35 ip4:204.127.198.39 ip4:204.127.202.55 ip4:204.127.202.56
ip4:204.127.202.64 ip4:216.148.227.85

I will list each one I think.  But I do know how to do it now.

Thanks,
Guy

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Roger Moser
Sent: Friday, August 27, 2004 11:08 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Can SPF identify wildcard domain forgery?

I wrote:

"v=spf1 -exists:%{l}._spf1.watkins-home.com ip4:1.2.3.4 ip4:2.3.4.5 -all"
*._spf1.watkins-home.com      A       127.0.0.1
User1._spf1.watkins-home.com  TXT     ""
User2._spf1.watkins-home.com  TXT     ""
...

Correct is (dot after "com"):
*._spf1.watkins-home.com.       A       127.0.0.1
User1._spf1.watkins-home.com.   TXT     ""
User2._spf1.watkins-home.com.   TXT     ""

Guy answered:

Could you explain this more?

The wildcard *._spf1.watkins-home.com. applies only to those subdomains of
_spf1.watkins-home.com that have no records. User1._spf1.watkins-home.com
has a TXT record, so querying User1._spf1.watkins-home.com for an A record
does not return an A record (provided no A record is explicitly given for
User1._spf1.watkins-home.com) and the 'exists' mechanism does not match (does
not return 'fail').

And, does this depend on a feature of DNS or a bug?

This behaviour of wild cards is according to section 4.3.3 of RFC 1034.

Comcast.net has 6 SMTP servers that I know of!

If the IP addresses all start with 204.127 then you could have the following
records:

"v=spf1 exists:%{l}.%{ir2}._spf1.watkins-home.com -all"
User1.127.204._spf1.watkins-home.com    A       127.0.0.1
User2.127.204._spf1.watkins-home.com    A       127.0.0.1
...

Roger
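
As an added illustration (not code from either poster), this Python sketch models the two setups discussed in the thread: macro expansion of the `exists` target, then an A lookup that follows the wildcard rule of RFC 1034 section 4.3.3. The zone dictionaries and function names are constructed for the example, and no real DNS is queried.

```python
import re

# Constructed zones built from the records quoted in the thread (names lower-cased).
WILDCARD_ZONE = {   # used with: -exists:%{l}._spf1.watkins-home.com
    "*._spf1.watkins-home.com": {"A": ["127.0.0.1"]},
    "user1._spf1.watkins-home.com": {"TXT": [""]},
    "user2._spf1.watkins-home.com": {"TXT": [""]},
}
PER_USER_ZONE = {   # used with: exists:%{l}.%{ir2}._spf1.watkins-home.com
    "user1.127.204._spf1.watkins-home.com": {"A": ["127.0.0.1"]},
    "user2.127.204._spf1.watkins-home.com": {"A": ["127.0.0.1"]},
}

def expand(spec, sender, ip):
    """Expand %{l} and %{i} macros; digits and 'r' are accepted in either order,
    so the thread's %{ir2} and the RFC 7208 spelling %{i2r} both parse."""
    def one(m):
        value = sender.split("@")[0] if m.group(1) == "l" else ip
        parts = value.split(".")
        if "r" in m.group(2):
            parts.reverse()                      # 'r' transformer: reverse the labels
        digits = re.sub(r"\D", "", m.group(2))
        keep = int(digits) if digits else len(parts)
        return ".".join(parts[-keep:])           # keep the right-most N labels
    return re.sub(r"%\{([li])([0-9r]*)\}", one, spec).lower()

def name_exists(name, zone):
    # A name exists if it owns records or is an ancestor of a name that does.
    return any(o == name or o.endswith("." + name) for o in zone)

def lookup_a(name, zone):
    """A lookup with RFC 1034 section 4.3.3 wildcard handling."""
    name = name.rstrip(".").lower()
    if name_exists(name, zone):
        return zone.get(name, {}).get("A", [])   # existing name: wildcard never applies
    labels = name.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if name_exists(encloser, zone):          # closest existing ancestor
            return zone.get("*." + encloser, {}).get("A", [])
    return []

def exists_matches(spec, sender, ip, zone):
    # The 'exists' mechanism matches when the expanded name has any A record.
    return bool(lookup_a(expand(spec, sender, ip), zone))
```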
