Re: SPF I-D for review: draft-schlitt-spf-classic-00.txt
[ Moderator's note: Post was moderated, either because it was posted by
a non-subscriber, or because it was over 20K.
With the massive amount of spam, it is easy to miss and therefore
delete relevant posts by non-subscribers. Please fix your
subscription addresses. ]
In <20050112041937.9D7E513CDF@sa.vix.com> Paul Vixie <paul@vix.com> writes:
>> > ... SPF RRs will only be used when there is an extant LHS@RHS, and
>> > the RHS has to have either an A or MX RR which is at either a real
>> > or synthesized (wildcard) name.
>>
>> The problem is that spammers and phishers can easily use
>> nonexistant.subdomain.example.com to get around example.com's sender
>> policy.
>
> an spf subscriber can trivially detect this. [...]
I'm not sure what you mean by an "spf subscriber"; I'm guessing you
are talking about the system that checks for SPF records. (This is
called the "spf client" in the I-D.)
> postfix calls this functionality by many names, such as: [list snipped]
Yes, and other mailers have similar options, but those are receiver
policies, not sender policies.
> and anyone who is interested enough in preventing forgery to install an
> spf-capable mailer has the option of turning on features related to
> nonexistent subdomains of spf-publishing domains.
I don't see how you can detect if a domain owner has published SPF
records without checking for them in the DNS. Nonexistent subdomains
won't return SPF records. Hence, the default at the zone cut.
I really don't see how the email receiver (SMTP server) options that
you mentioned above will work for the "spf subscriber".
-wayne
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
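
Added example, not part of the original message or of the I-D: a sketch of the point argued above, that an SPF client querying only the exact sender domain finds no record for a nonexistent subdomain, while a fallback to the record at the zone cut applies example.com's policy. The TXT table, the `zone_cut` helper and the minimal `ip4`/`all` evaluator are constructed assumptions, and the IP addresses are documentation ranges.

```python
import ipaddress

# Constructed data: the only SPF record published in the example.com zone.
ZONE_APEX = "example.com"
TXT = {"example.com": ["v=spf1 ip4:192.0.2.0/24 -all"]}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_record(domain):
    """Return the SPF record published at exactly `domain`, or None."""
    for txt in TXT.get(domain, []):
        if txt.split(" ")[0] == "v=spf1":
            return txt
    return None

def zone_cut(domain):
    """Assumption: stands in for locating the enclosing zone apex in the DNS."""
    if domain == ZONE_APEX or domain.endswith("." + ZONE_APEX):
        return ZONE_APEX
    return None

def evaluate(record, ip):
    """Minimal evaluator: understands only the ip4 and all mechanisms."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mechanism = term[1:] if term[0] in RESULTS else term
        if mechanism == "all":
            return RESULTS[qualifier]
        if mechanism.startswith("ip4:") and addr in ipaddress.ip_network(mechanism[4:]):
            return RESULTS[qualifier]
    return "neutral"

def check_host(ip, domain, zone_cut_default=False):
    """SPF result for `ip` sending as `domain`, with optional zone-cut fallback."""
    domain = domain.lower().rstrip(".")
    record = spf_record(domain)
    if record is None and zone_cut_default:
        apex = zone_cut(domain)          # no record at the name itself:
        record = spf_record(apex) if apex else None  # use the apex policy
    if record is None:
        return "none"                    # domain makes no SPF declaration
    return evaluate(record, ip)

if __name__ == "__main__":
    forged = "nonexistant.subdomain.example.com"  # name used in the thread
    print(check_host("203.0.113.7", forged))                         # exact lookup
    print(check_host("203.0.113.7", forged, zone_cut_default=True))  # with fallback
```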