spf-discuss

Re: [SPF Classic] Policy best practices should be kept out

2004-10-07 19:38:26
guy wrote:
 
If it were up to me, "+all" would be considered an invalid
spf record.  This is what a spammer would do.

Only a very stupid spammer.  It's trivial to create a sender
policy with the same effect as +all without using it directly:
"v=spf1 exists:%{ir}.ipv4.fahq2.com -all" is an example.

And it's also possible to create non-abusive sender policies
ending in +all, e.g. use blackholes.us to exclude all IPs in
the rest of the world, and +all for the remaining IPs.  Weird
strategy, but it's allowed.  With include: resp. exists:, and
some macros you can do very interesting stuff like logging,
who gets mail from which IP claiming to be MAIL FROM you.  If
all you want is the logging use either +whatever -all or use
?whatever +all, etc.

Okay, it's on the border to abuse, if the receiver dutifully
evaluating your policy never "wins" (in the form of a FAIL).
And I'm sure that the spammers will abuse it sooner or later.
But you can't fix it by removing +all.

                        Bye, Frank
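
Added example, not part of the original message: a static audit that catches a literal +all but can only flag the exists: policy quoted above as "decided by DNS", because whether it passes depends on how the policy owner's zone answers the expanded name. The macro handling is a subset of the SPF macro syntax, IPv4 only; the function names, the client IP 192.0.2.1 and the example.org sender are constructed for illustration.

```python
import re

# SPF macro: %{letter digits r delimiters}; subset of letters s, l, o, d, i, v.
MACRO = re.compile(r"%\{([slodiv])(\d*)(r?)([.\-+,/_=]*)\}", re.I)

def expand(spec, ip, sender, domain):
    """Expand SPF macros in a domain-spec for an IPv4 client address."""
    local, _, sender_domain = sender.partition("@")
    values = {"s": sender, "l": local, "o": sender_domain,
              "d": domain, "i": ip, "v": "in-addr"}

    def repl(m):
        letter, digits, rev, delims = m.groups()
        # Split on the given delimiters (default "."), then transform.
        parts = re.split("[" + re.escape(delims or ".") + "]",
                         values[letter.lower()])
        if rev:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]  # keep the right-most N parts
        return ".".join(parts)

    return MACRO.sub(repl, spec)

def audit(record):
    """Static findings for an SPF record; performs no DNS lookups."""
    findings = []
    for term in record.split()[1:]:          # skip the v=spf1 tag
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if qualifier != "+":
            continue                          # only pass results matter here
        if mech.lower() == "all":
            findings.append("literal pass-all: " + term)
        elif mech.lower() == "exists" and "%{" in arg:
            # A wildcard A record in that zone would match every client IP.
            findings.append("pass decided by DNS zone: " + arg)
    return findings

if __name__ == "__main__":
    policy = "v=spf1 exists:%{ir}.ipv4.fahq2.com -all"   # record from the message
    print(audit("v=spf1 +all"))
    print(audit(policy))
    # The name the receiver queries for a constructed client 192.0.2.1:
    print(expand("%{ir}.ipv4.fahq2.com", "192.0.2.1",
                 "user@example.org", "example.org"))
```

The queried name embeds the connecting IP, which is also what makes the logging use described in the message possible.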