On Wed, 24 Jan 2018, Bill Cole wrote:
On 24 Jan 2018, at 17:20 (-0500), John Hardin wrote:
On Wed, 24 Jan 2018, Dianne Skoll wrote:
At this point, I would be willing to penalize sites with bad SPF
records (syntactically invalid; more than one different SPF record
attached to the same domain, etc.) Those people really deserve
penalties because they've messed up.
Does that include "+all" or authorizing more than a class-b space through
any method, which I'd characterize as "malicious" rather than "messed up"?
There are entities that still hold fast to their legacy Class A networks and
expose them to some degree to the world. Those who have tried to change
policy from inside such an organization might argue that a multiple-B SPF
authorization is neither malicious nor messed up in itself, but rather merely
an admission of a reality which i arguably messed up but not at all
malicious.
Somebody legitimately that big could be whitelisted (SPF Malice score = 0).
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
To be civilized is to restrain the ability to commit mayhem.
To be incapable of committing mayhem is not the mark of the
civilized, merely the domesticated. -- Trefor Thomas
-----------------------------------------------------------------------
3 days until Wolfgang Amadeus Mozart's 262nd Birthday