[RFCI-Discuss] RFC4408 aka SPF
Alexey Lobanov
aal at lobanov.sp.ru
Wed Jan 24 07:45:23 EST 2007
Hello all.
It looks like that spammers have started to abuse RFC4408 with bogus SPF
records:
ecooldeals.com text "v=spf1 a mx +all"
3ivn.com text "v=spf1 mx ptr ip4:195.144.11.67 +all"
alpha-direct.com text "v=spf1 +all"
bethellutheranchurch.com text "v=spf1 a mx +all"
kind-heart.com text "v=spf1 all"
All the examples are from real spam, of course.
Yes, "+all" is provided as an example in the RFC text. But the nature of
this "v=spf1 +all" seems to be exactly same as the nature of "IN MX
localhost". They are trying to fool us, to legitimize mail from every
trojanned home machine.
Is this problem within the scope of RFCI? Do we want to build a rhsbl
database for this class of bad domains?
Alexey
More information about the RFCI-Discuss
mailing list