Gino Cerullo wrote:
Given that this is a valid record and short of blacklisting
the domain in question, is there anything in the SPF spec to
deal with this abuse?
The RFC has no rule against "overlong" records, it would be
difficult to formulate this, SPF is not as simple as say UTF-8,
where "overlong" is (now) illegal.
In theory - based on Stuart's and older ideas - a new version
could demand that published policies have to be "optimised" by
a preprocessor. But assuming that your example is intentional
abuse it would then be still possible to fool the preprocessor,
unless mechanisms like "exists" are eliminated in this version.
It's IMO more important to educate receivers that "v=spf1 +all"
in any shape or form is perfectly legal: The sender wants to
get bounces for mail from anybody using his or her addresses
on any route. <shrug />
Frank
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com