[RFCI-Discuss] RFC4408 aka SPF

Alan Brown alanb at digistar.com
Wed Jan 24 14:49:23 EST 2007


On Wed, 24 Jan 2007, Alexey Lobanov wrote:

> Hello all.
>
> It looks like spammers have started to abuse RFC4408 with bogus SPF
> records:

They have been doing that for a long time.

> All the examples are from real spam, of course.

Yes, but they can't do that with your domain, or my domain either.

SPF can tell you that a message didn't genuinely come from the domain it
claims to come from, but it can't tell you that the message isn't spam.

Nonetheless, it's useful, because spammers tend to forge domains that
belong to other people far more often than domains they own.

> Yes, "+all" is provided as an example in the RFC text. But the nature of
> this "v=spf1 +all" seems to be exactly the same as the nature of "IN MX
> localhost". They are trying to fool us, to legitimize mail from every
> trojanned home machine.

Yup.

However it isn't difficult to detect domains with such massively wide
SPF entries during the SMTP sequence and refuse mail.

> Is this problem within the scope of RFCI?

No.

> Do we want to build a rhsbl database for this class of bad domains?

Yes, it may already have happened....

Spammers will of course adapt to such blacklistings.
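
Added example, not part of the original message: one way a receiving server could flag the "massively wide" SPF records discussed above once the TXT record has been fetched. The function name, the prefix-length thresholds and the sample records in the test are assumptions made for illustration; include: and redirect= targets are not followed.

```python
import ipaddress

# Assumed thresholds (not from the original message): a pass-qualified
# network wider than this is treated as "anyone may send".
MIN_V4_PREFIX = 8
MIN_V6_PREFIX = 16

def permissive_terms(record):
    """Return the terms of an SPF TXT record that authorise (nearly) any sender."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return []                          # not an SPF version 1 record
    hits = []
    for term in terms[1:]:
        if "=" in term.split(":", 1)[0]:
            continue                       # modifier (redirect=, exp=), not a mechanism
        qualifier, mech = "+", term        # "+" (pass) is the default qualifier
        if term[0] in "+-~?":
            qualifier, mech = term[0], term[1:]
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            if qualifier == "+":
                hits.append(term)          # "+all" or bare "all": every host passes
            break                          # "all" always matches; later terms are never reached
        if qualifier != "+" or name not in ("ip4", "ip6") or not arg:
            continue                       # only pass-qualified networks are checked here
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            continue                       # malformed network: leave it to the SPF evaluator
        limit = MIN_V4_PREFIX if net.version == 4 else MIN_V6_PREFIX
        if net.prefixlen < limit:
            hits.append(term)
    return hits
```

A non-empty result can feed whatever refusal or scoring policy the receiving server applies at MAIL FROM time.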



