|
All Archives /
aussie-isp /
2006-04
|
<<< Date >>> | |
| Permanent Link | ||
|
Date: Wed, 19 Apr 2006 10:36:22 +0930
From: Alex Wilkinson To: aussie-isp, aussie-isp Message-Id: <20060419010622.GA69277@squash.dsto.defence.gov.au> In-Reply-To: <000001c662f9$c3021470$2522630a@t22> References: <20060418105458.GA1102@k7.mavetju> <000001c662f9$c3021470$2522630a@t22> Subject: Re: [Oz-ISP] SPF Records |
No followups recorded. |
|
0n Wed, Apr 19, 2006 at 01:07:07AM +1000, Sean Winn wrote: >m a j o r d o m o - o w n e r @ k o a l a . a u s s i e . n e t wrote: >> On Tue, Apr 18, 2006 at 08:03:14PM +1000, Sean Winn wrote: >>> m a j o r d o m o - o w n e r @ k o a l a . a u s s i e . n e t wrote: >>> ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 >>> ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 >>> ip4:64.12.138.0/24 ptr:mx.aol.com ?all" >>> aol.com. 300 IN TXT "spf2.0/pra >>> ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 >>> ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 >>> ip4:64.12.138.0/24 ptr:mx.aol.com ?all" >>> >>> Same for gmail.com; yahoo.com doesn't even have SPF. Hotmail is >>> slightly different... ~all as a soft fail instead. >>> >>> Value of SPF? Very little except for being feel-good about forged >>> email. Spammers can use SPF as well, with throw-away domains, and >>> probably do. >> >> SPF isn't an anti-spammer tool, it's an anti-forgery tool. I don't >> care if spammers use their own throw-away domains for it. I do care >> if spammers/viruses use my address as the sender address. >> > >Certainly is. But if it's not definitive, what's its value? > >> The above examples give a good idea of the fine-tuning SPF is capable >> of. >> >> - With -all, it says: "These ip addresses, that are our outgoing >> SMTP servers. Dont' trust anything else". >> >> - With ~all, it says: "These ip addresses, that are our outgoing >> SMTP servers. I wouldn't trust anything else if I were you, but >> it is possible." >> >> - With ?all, it says: "These ip addresses, that are our outgoing >> SMTP servers. But it can come from other places." >> > >Only '-all' is definitive. And 4 major domains used for mail say they >can't be definitive. So they don't seem to place a high value on SPF for >themselves. > > >> For my domain (mavetju.org), it says -all. For the domains we host, >> it's -all. We offer our clients authentication SMTP delivery on a >> non standard SMTP port. There should be no reason for them not to use >> our mail servers. >> >> Edwin some interesting comments about SPF: http://archives.listbox.com/735/200403/0463.html -aW ---- email "unsubscribe aussie-isp" to m a j o r d o m o @ a u s s i e . n e t to be removed. |
|