> On Feb 28, 2024, at 6:33 PM, Barry Leiba <barryle...@computer.org> wrote: > > A paper was presented this morning at NDSS about the state of SPF, which is > worth a read by this group: > > https://www.ndss-symposium.org/ndss-paper/breakspf-how-shared-infrastructures-magnify-spf-vulnerabilities-across-the-internet/ >
Barry, Interesting. Appreciate the security note. Per document, 2.39% domains are the problem with CDN, HTTP Proxy, SMTP threat entry points. Not an SPF issue. If anything, add more SMTP command override support for immediate disconnect for GET, POST, etc, erroneous SMTP commands: // Script: Smtpfilter-GET.wcc: // add code to block GetCalllerID() Print “550 <click>” HangUp() End // Script: Smtpfilter-POST.wcc: // add code to block GetCalllerID() Print “550 <click>” HangUp() End All the best, Hector Santos
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc