All Archives / aussie-isp / 2006-04
<<< Date >>>
Permanent Link
Date: Tue, 18 Apr 2006 20:54:58 +1000
From: Edwin Groothuis
To: Sean Winn
Cc: aussie-isp, aussie-isp
Message-Id: <20060418105458.GA1102@k7.mavetju>
In-Reply-To: <003701c662cf$4f91b7e0$2522630a@t22>
References: <1145343275.5563.15.camel@localhost.localdomain> <003701c662cf$4f91b7e0$2522630a@t22>
Subject: Re: [Oz-ISP] SPF Records
Followups:

<000001c662f9$c3021470$2522630a@t22>
<20060418230605.GB12751@taz.net.au>
<20060419010622.GA69277@squash.dsto.defence.gov.au>
On Tue, Apr 18, 2006 at 08:03:14PM +1000, Sean Winn wrote:
> m a j o r d o m o - o w n e r @ k o a l a . a u s s i e . n e t wrote:
> ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24
> ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23
> ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
> aol.com.                300     IN      TXT     "spf2.0/pra
> ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24
> ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23
> ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
>
> Same for gmail.com; yahoo.com doesn't even have SPF. Hotmail is slightly
> different... ~all as a soft fail instead.
>
> Value of SPF? Very little except for being feel-good about forged email.
> Spammers can use SPF as well, with throw-away domains, and probably do.

SPF isn't an anti-spammer tool, it's an anti-forgery tool. I don't
care if spammers use their own throw-away domains for it. I do care
if spammers/viruses use my address as the sender address.

The above examples give a good idea of the fine-tuning SPF is capable
of.

-   With -all, it says: "These ip addresses, that are our outgoing
    SMTP servers. Dont' trust anything else".

-   With ~all, it says: "These ip addresses, that are our outgoing
    SMTP servers. I wouldn't trust anything else if I were you, but
    it is possible."

-   With ?all, it says: "These ip addresses, that are our outgoing
    SMTP servers. But it can come from other places."

For my domain (mavetju.org), it says -all. For the domains we host,
it's -all. We offer our clients authentication SMTP delivery on a
non standard SMTP port. There should be no reason for them not to
use our mail servers.

Edwin
--
Edwin Groothuis      |            Personal website: http://www.mavetju.org
e d w i n @ m a v e t j u . o r g    |          Weblog: http://weblog.barnet.com.au/edwin/
----
email "unsubscribe aussie-isp" to m a j o r d o m o @ a u s s i e . n e t to be removed.
<<< Date >>>
This page was automatically generated, based on a complete record of postings made to the nominated list. Copyright issues, blame or gratitude belongs to the entity that wrote the content.