On Tue, 8 Aug 2006, qqqq wrote:
I have been having FPs from Ebay in AU and DE, as well as [EMAIL PROTECTED]

Does anybody have a good whitelist for these?

Because so many people try to forge messages from eBay but what
comes from their own servers is almost definitely not spam,
eBay seems like an ideal example of an organization that could
benefit from SPF.  And sure enough:

    $ host -t TXT ebay.com
    ebay.com descriptive text "spf2.0/pra mx include:s._sid.ebay.com 
include:m._sid.ebay.com include:p._sid.ebay.com include:c._sid.ebay.com ~all"
    ebay.com descriptive text "v=spf1 mx include:s._spf.ebay.com 
include:m._spf.ebay.com include:p._spf.ebay.com include:c._spf.ebay.com ~all"

    $ host -t TXT ebay.com.au
    ebay.com.au descriptive text "spf2.0/pra mx include:s._sid.ebay.com 
include:m._sid.ebay.com include:p._sid.ebay.com include:c._sid.ebay.com ~all"
    ebay.com.au descriptive text "v=spf1 mx include:s._spf.ebay.com 
include:m._spf.ebay.com include:p._spf.ebay.com include:c._spf.ebay.com ~all"

    $ host -t TXT ebay.de
    ebay.de descriptive text "v=spf1 mx include:s._spf.ebay.com 
include:m._spf.ebay.com include:p._spf.ebay.com include:c._spf.ebay.com ~all"
    ebay.de descriptive text "spf2.0/pra mx include:s._sid.ebay.com 
include:m._sid.ebay.com include:p._sid.ebay.com include:c._sid.ebay.com ~all"

So it seems like SPF is probably something good to rely on
in this case.  I don't fully understand the SPF plug-in,
but perhaps all you need to do is add the appropriate ebay
domains to new def_whitelist_from_spf rules like the ones
in 60_whitelist_spf.cf.

This page:

    http://pages.ebay.com/help/confidence/isgw-account-theft-spoof.html

has a list of eBay's US and international web sites, so presumably
the list of valid e-mail domains ([EMAIL PROTECTED], [EMAIL PROTECTED], etc.)
can be easily and correctly derived from that list.

  - Logan

Reply via email to