spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[spf-discuss] register.com, and other registrars, publishing SPF

2006-12-09 14:49:48
from [Alex van den Bogaerdt] [Permanent Link] 
This is a message based on information from Thomas Zehetbauer
who is unable to subscribe to this list.

(N.B.: list admin: please try to subscribe him if you can, using
email address <thomasz(_at_)hostmaster(_dot_)org>.  The request is confirmed
in RT ticket # 11814)

He included a list of domains that have weird looking SPF policies.
One example is this one:

;; ANSWER SECTION:
2realtors4you.com.      86400   IN      TXT     "v=spf1 ip4:127.0.0.1/32 all"

;; AUTHORITY SECTION:
2realtors4you.com.      63128   IN      NS      ns2.expireddomains.register.com.
2realtors4you.com.      63128   IN      NS      ns1.expireddomains.register.com.


There are more domains, from what I can tell at different registrars,
also having such a weird "+all" policy.


2realtors4you.com
12threc.com
blackjackschool.net
6sidan.com
beautifuldomain.com
aktiwell.info
3a-consulting.com
bangladeshvoice.com
bikerpaint.com
2dreamcatcher.com
blackjackcentre.com
bestwebcompany.com
99tette.com


A guess: a tool used by registrars, written by a misguided person, is
setting these SPF records automatically. The intent seems to be to not
authorize email from these domains, although the effect is quite the
opposite.

If you are this person, or if you know who (s)he is:

1: 172.0.0.1 has no place in public DNS
2: you should use "-all", not just "all".  You are currently authorizing
   all IP addresses in the entire ip4 and ip6 address space to send mail
   on behalf of these domains.

(side note: in hindsight it would make sense to have another default
for "all", but we don't.  The default result is "+", just like it is
for any other mechanism.)


Why did Tom report this in the first place?  He thinks SPF_PASS is
a reliable indicator of a message not being spam.  I tried to convince
him this is not the case, but failed to do so.

If you have anything to say, please do cc. Tom if you reply to the list.

regards
Alex

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [spf-discuss] Re: Misuse of Return Address, Seth Goodman
Next by Date:  Re: [spf-discuss] register.com, and other registrars, publishing SPF, Daryl C. W. O'Shea
Previous by Thread:  RE: [spf-discuss] SMTP HEAD draft (was: Per/user policies in "Large Domains"), Seth Goodman
Next by Thread:  Re: [spf-discuss] register.com, and other registrars, publishing SPF, Daryl C. W. O'Shea
Indexes:  [Date] [Thread] [Top] [All Lists]