On Thursday 06 September 2007 12:50, Marc Chametzky wrote:
Not only are the spammers using +all, but the more clever ones are using
several ip4 mechanisms with very broad CIDR specifications so that when
you put them all together, they end up being ip4:0.0.0.0/0.
While one can detect a Pass being returned by +all easily, doing so with
an aggregate of ip4's is far more difficult.
Which is the exact answer to why there isn't a special rule to disallow +all.
BTW, not all (or even most - or even any of the onese I checked) of the
domains you said were +all in your last message have +all.
knology.net is one good example:
knology.net. 33145 IN TXT "v=spf1 mx ip4:24.214.63.101
ip4:24.214.5.254 ip4:24.214.63.226 ip4:24.214.63.228 ip4:24.214.63.230
ip4:69.73.24.0/24 -all"
From what I can tell they are NOT a spammer domain.
I do think you need to slow down and examine your assumptions and your code
before you start throwing accusations around.
Scott K
-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com