On Sat, 7 Nov 2009 20:45:25 +0100 Wojciech Scigala
<libspf2(_dot_)org(_at_)wojtus(_dot_)net>
wrote:
Hello,
Sometimes I meet a badly configured SPF entries for domains, which
contain "+all" elements. I've also met a domain with entry like
this:
ip4:0.0.0.0/2 ip4:64.0.0.0/2 ip4:128.0.0.0/2 ip4:192.0.0.0/2
Looks like spammers are using such domains (or maybe even creating
them) to get extra anti-spam scores for their mailings.
I think some countermeasures might be introduced into libspf.
My concept is a configurable limit for class bits (eg. 16, 20 bits)
which would transfer the "pass" element to "neutral" state if the IP
class size is exceeded.
I think you are attacking the problem from the wrong end.
I think you should take note of such domains and mark all mail from them as
bad. This should be done at the application level, not in the library.
It's a good thing the spammers are telling you about a bad domain.
Scott K
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com