spf-discuss

Re: Handling of -all

2005-02-11 01:22:19
On Thu, Feb 10, 2005 at 10:30:11PM -0700, Commerco WebMaster wrote:

> The joy of receiving some message stating "our advanced spam filter has
> determined you sent the following" when it is an obviously forged from IP
> address in another country is starting to wear a bit thin with me.  Even
> more so when said "advanced spam filter" company appears to pay no
> attention to requests they consider implementing SPF support in their
> software.

or virus scanner.
or one-time only opt-in confirmation.
or vacation message.

All the same.

>> You think publishing redirect covers an entire zone?

> Well, not easily, but I'll send you an off-list email message with an
> actual domain, where you can try to get an SPF txt record for
> FOO.example.com via Dig and it will successfully present a redirect to
> _spf.example.com txt record even though FOO.example.com does not actually
> exist (wildcard DNS).

Every query does result in an answer, including for non-TXT records...

>> If OTOH you publish "v=spf1 redirect:_spf.example.com" for each and
>> every domain (not: host!) then you get what you think you get.

...so you _are_ publishing for each domain.

And therefore FOO.example.com _does_ exist.  Maybe not in real life,
but it certainly does in DNS.


[... on faulty records not set by owner of domain ...]

> While such behavior as you point to seems entirely inappropriate, it is
> also not the fault of the SPF, those who publish SPF records for their own
> domains or those who support published records in their MTA / SMTP software.
>
> I think I see where you are going, but I really believe that the subjective
> treatment of what should be an absolute is still not good design.  Rather,
> perhaps such things should be handled via an ~all with appropriate
> modifiers.

But how is this going to happen?  The DNS hoster doesn't know better
than to publish -all.  Its customer doesn't know anything about SPF
at all.  How is this situation going to magically change?

I stand by my original comment: It is, IMHO, too soon to actually
start blocking based on what could very well be a simple mistake.

cheers,
alex
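The wildcard-redirect setup and the -all versus ~all outcome argued over in this thread, as an added example that is not from the thread or from any SPF implementation: a toy SPF evaluator in Python over a constructed in-memory zone. It spells the modifier `redirect=domain` as the SPF specification does (the `redirect:` form in the quoted message is not the spec syntax), handles only the `ip4` and `all` mechanisms plus `redirect=`, synthesises wildcard answers the way RFC 1034 describes (closest encloser first), and caps the redirect chain so a looping record yields permerror. Every domain name, address and record below is made up for the example.

```python
import ipaddress

# Constructed in-memory zone standing in for real DNS (example data, not any
# real domain).  The "*.example.com" row plays the role of the wildcard TXT
# record the thread describes: any otherwise-nonexistent name under
# example.com is answered with it.
ZONE = {
    "example.com":      ["v=spf1 redirect=_spf.example.com"],
    "_spf.example.com": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "*.example.com":    ["v=spf1 redirect=_spf.example.com"],
    "soft.example":     ["v=spf1 ip4:198.51.100.10 ~all"],
    "loop.example":     ["v=spf1 redirect=loop.example"],
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name, zone=ZONE):
    """TXT lookup with RFC 1034 wildcard synthesis.

    A name that does not exist is answered from "*.<closest encloser>" when
    such a wildcard exists; this is why FOO.example.com "does exist in DNS"
    once a wildcard is published even though nobody created it."""
    name = name.lower().rstrip(".")
    if name in zone:
        return list(zone[name])
    labels = name.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        # The closest encloser is the first ancestor that exists, either
        # explicitly or as an empty non-terminal (some name below it exists).
        if parent in zone or any(k.endswith("." + parent) for k in zone):
            return list(zone.get("*." + parent, []))
    return []


def check_host(ip, domain, zone=ZONE, _depth=0):
    """Minimal SPF check_host(): ip4 and all mechanisms plus redirect=.

    Returns one of: none, pass, fail, softfail, neutral, permerror."""
    if _depth > 10:
        return "permerror"          # redirect chain too long (or a loop)
    records = [r for r in lookup_txt(domain, zone) if r.lower().startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"          # more than one SPF record is an error
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in records[0].split()[1:]:
        if term.lower().startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        qualifier, mech = "+", term
        if term[0] in "+-~?":
            qualifier, mech = term[0], term[1:]
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech.startswith("ip4:"):
            matched = (addr.version == 4 and
                       addr in ipaddress.ip_network(mech[4:], strict=False))
        else:
            return "permerror"      # mechanism not supported by this toy evaluator
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    if redirect:
        # redirect= applies only when nothing matched; a missing record at the
        # redirect target is a permerror rather than none.
        result = check_host(ip, redirect, zone, _depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"


def mta_action(result, reject_on_fail=False):
    """Map an SPF result to an MTA decision.  Whether a hard fail (-all) means
    reject or merely mark is the operator's policy choice, which is the point
    the thread argues about."""
    if result == "fail" and reject_on_fail:
        return "reject"
    if result in ("fail", "softfail"):
        return "accept-and-mark"
    return "accept"


def verdicts():
    """Worked cases over the constructed zone (addresses are documentation ranges)."""
    forged, legit = "203.0.113.7", "192.0.2.25"
    return {
        "forged, nonexistent host, wildcard -all": check_host(forged, "foo.example.com"),
        "forged, two labels below the wildcard": check_host(forged, "a.b.example.com"),
        "authorised sender through the redirect": check_host(legit, "foo.example.com"),
        "forged against a ~all domain": check_host(forged, "soft.example"),
        "domain with no SPF record": check_host(forged, "nospf.example"),
        "self-referencing redirect": check_host(forged, "loop.example"),
    }


if __name__ == "__main__":
    for case, result in verdicts().items():
        print(f"{case}: {result} -> {mta_action(result)}")
```

Running it shows the two sides of the argument side by side: the wildcard makes a never-created host name evaluate to fail for a forged source just as a real host would, and `mta_action` is where the choice between rejecting on that fail and only marking it (the treatment alex argues for while records may still be mistakes) actually lives.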

