On Wed, Mar 23, 2005 at 04:21:39PM -0600, Andy Bakun wrote:
> Consider example-spammer.com's record:
>    v=spf1 mx:%{l} -all
> Now, all I need to do is commandeer a bunch of machines with access to
> aol.com's or comcast.net's MTAs and send through them with MAIL FROM set
> to:
>    aol(_dot_)com(_at_)example-spammer(_dot_)com
>    comcast(_dot_)net(_at_)example-spammer(_dot_)com
Well:
o If spammers forge mail as being from domains with strict (ending in
"-all") spf records, and their mail doesn't authenticate, we can reject
their messages as obvious forgeries.
o If spammers *do* authenticate themselves, say by the rules of their
own published spf records, we can reject based on their domain names.
So it would be very convenient if example-spammer.com did the thing you
suggest above, as their domain would make it into domain-name blocklists
even more quickly. Of course, they could just make things easier on
themselves and everyone else by simply publishing "v=spf1 +all".
In any event, do you know of any cases in which allowing macros to end
in things other than %d will create a problem for mailservers or for
legitimate uses of mailservers? (I don't see how in your example above
what advantage example-spammer.com would gain by using the sort of txt
record you suggest.)
--
Mark Shewmaker
mark(_at_)primefactor(_dot_)com
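
Added example, not part of the original message or of any SPF implementation: a receiver-side sketch of how `mx:%{l}` expands for the MAIL FROM quoted above, plus a check that flags mechanisms whose lookup name is chosen by the sender's local-part instead of being anchored under the publishing domain. The macro syntax follows SPF as later standardized in RFC 7208; the function names, the probe local-part and the default IP are assumptions made for illustration.

```python
import re

# Macro forms: %{letter digits r delimiters} plus the %%, %_ and %- escapes.
# Only the s, l, o, d, i, h letters are handled in this sketch.
MACRO = re.compile(r"%\{([slodih])(\d*)(r?)([.\-+,/_=]*)\}|%([%_-])")

def expand(spec, sender, ip="192.0.2.3", helo="unknown"):
    """Expand SPF macros in a domain-spec for one envelope sender."""
    local, _, domain = sender.rpartition("@")
    local = local or "postmaster"            # no local-part: use postmaster
    values = {"s": local + "@" + domain, "l": local, "o": domain,
              "d": domain, "i": ip, "h": helo}

    def repl(m):
        if m.group(5):                       # %% -> %, %_ -> space, %- -> %20
            return {"%": "%", "_": " ", "-": "%20"}[m.group(5)]
        letter, digits, rev, delims = m.group(1, 2, 3, 4)
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if rev:
            parts.reverse()
        if digits:                           # keep the right-most N labels
            parts = parts[-int(digits):]
        return ".".join(parts)

    return MACRO.sub(repl, spec)

def sender_chosen_targets(record, domain, probe="probe.invalid"):
    """Return (term, target) for mechanisms whose lookup name is picked by
    the MAIL FROM local-part rather than anchored under `domain`."""
    flagged = []
    for term in record.split()[1:]:          # skip "v=spf1"
        name, _, spec = term.lstrip("+-~?").partition(":")
        if name not in ("a", "mx", "ptr", "exists", "include") or not spec:
            continue
        target = expand(spec, probe + "@" + domain).split("/")[0]
        if target == probe or target.endswith("." + probe):
            flagged.append((term, target))
    return flagged

# Constructed sample: the record and a MAIL FROM from the quoted message.
RECORD = "v=spf1 mx:%{l} -all"
if __name__ == "__main__":
    print(expand("%{l}", "aol.com@example-spammer.com"))
    print(sender_chosen_targets(RECORD, "example-spammer.com"))
```

A record that anchors the macro under its own domain, such as `exists:%{l}.%{d}`, is not flagged, which matches the distinction the reply draws about macros ending in something other than `%d`.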