spf-discuss

[spf-discuss] Current spf record for comcast.net?

2007-02-10 02:06:36
Hello, I saw all the traffic here:

http://www.gossamer-threads.com/lists/spf/discuss/30522?do=post_view_threaded#30522

I came up with a list similar to Rene's before I found this great
discussion group.

My problem is that I don't want to allow a wide comcast.net CIDR block
to be able to spoof my domains.

It seems really problematic also to include 40 hosts via the a: syntax
in the TXT record. I'm using DJB's tinydns and it has some issues with
long TXT fields. It splits them over 127 characters (although
according to the spec, most clients should be able to reconstruct),
but over a certain length approaching the 512 byte limit of UDP DNS
packets, tinydns can't provide this data because DNS uses TCP for
bigger records.

Regardless... I'm trying to find a way to use SPF to add a list of
arbitrary hosts without having to list them all individually, but
without adding in monster CIDR block ranges.

So what I did was set up some dummy host/domains in my own namespace
that look something like this (here is the BIND formatted version):

; comcast crap
alnrmhc   IN MX  10 alnrmhc11.comcast.net.
alnrmhc   IN MX  10 alnrmhc12.comcast.net.
alnrmhc   IN MX  10 alnrmhc13.comcast.net.
alnrmhc   IN MX  10 alnrmhc14.comcast.net.
alnrmhc   IN MX  10 alnrmhc15.comcast.net.
alnrmhc   IN MX  20 alnrmhc16.comcast.net.
alnrmhc   IN MX  20 alnrmhc17.comcast.net.
alnrmhc   IN MX  20 alnrmhc18.comcast.net.
alnrmhc   IN MX  20 alnrmhc19.comcast.net.
alnrmhc   IN MX  20 alnrmhc20.comcast.net.
alnrmhc   IN MX  20 alnrmhc21.comcast.net.
alnrmhc   IN MX  20 alnrmhc22.comcast.net.
alnrmhc   IN MX  20 alnrmhc23.comcast.net.

So I do this for the various comcast outbound smtp servers and
point to it in my SPF TXT record:

IN TXT          "v=spf1 a mx mx:alnrmhc.buszard-welcher.com mx:rwcrmhc.buszard-welcher.com mx:sccrmhc.buszard-welcher.com -all"

Anyway, it seems to be working for "buszard-welcher.com" now.

The big problem is, of course, comcast can change their
outbound SMTP servers at any time...

but I live dangerously... they could change my DHCP IP address
at any time, I'm not using dyndns or anything... but it
stays relatively constant (on the order of months).


-- 
James Welcher, james{at}buszard-welcher.com, jwelcher{at}gmail.com
http://jameswelcher.livejournal.com AIM{jbwelcher} SKYPE{jwelcher}

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735
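
Added example (not part of the original post, and not the poster's code): a small offline check of the record above against the SPF processing limits, since RFC 4408 section 10.1 caps an mx mechanism at 10 MX records looked up and checked, and RFC 7208 section 4.6.4 makes exceeding that a permerror. The record and the alnrmhc MX set are copied from the post; the function names are hypothetical, and the rwcrmhc and sccrmhc sets are not listed on the page, so they are reported as unknown.

```python
import re

# Terms that cost a DNS lookup during SPF evaluation (RFC 7208 section 4.6.4).
LOOKUP_TERMS = ("a", "mx", "include", "exists", "ptr", "redirect")
MAX_LOOKUP_TERMS = 10   # lookup-causing terms allowed per evaluation
MAX_MX_NAMES = 10       # MX names allowed behind one "mx" mechanism
MAX_TXT_STRING = 255    # bytes in a single DNS character-string

# Record and MX set copied from the post. The other two mx: targets are not
# listed on the page, so they are left out here (assumption: unknown).
SPF = ("v=spf1 a mx mx:alnrmhc.buszard-welcher.com "
       "mx:rwcrmhc.buszard-welcher.com mx:sccrmhc.buszard-welcher.com -all")
MX_SETS = {
    "alnrmhc.buszard-welcher.com":
        ["alnrmhc%d.comcast.net" % n for n in range(11, 24)],
}

def lookup_terms(record):
    """Return the terms of an SPF record that trigger a DNS lookup."""
    terms = []
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        name = re.split(r"[:=/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            terms.append(term)
    return terms

def lint(record, mx_sets):
    """Return findings for the lookup, TXT-length and MX-count limits."""
    findings = []
    terms = lookup_terms(record)
    if len(terms) > MAX_LOOKUP_TERMS:
        findings.append("too many lookup terms: %d" % len(terms))
    if len(record.encode()) > MAX_TXT_STRING:
        findings.append("record needs more than one TXT string")
    for term in terms:
        if term.lstrip("+-~?").lower().startswith("mx:"):
            target = term.split(":", 1)[1].split("/")[0]
            hosts = mx_sets.get(target)
            if hosts is None:
                findings.append("unknown MX set: %s" % target)
            elif len(hosts) > MAX_MX_NAMES:
                findings.append("%s has %d MX names (limit %d): permerror"
                                % (target, len(hosts), MAX_MX_NAMES))
    return findings

if __name__ == "__main__":
    for finding in lint(SPF, MX_SETS):
        print(finding)
```

Splitting a 13-name set across two dummy names of at most 10 MX records each clears the per-mechanism finding, at the cost of one more lookup term toward the overall limit of 10.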
