On Wed, 13 Dec 2006, JamesDR wrote:

> > Bot masters can easily set up SPF addresses that will encompass giant
> > subnets of bots. You'll never know where to draw the line.
>
> Even better. If they give me a giant subnet of SPF records, I know
> exactly what IPs I don't want connecting to my mail server. If a
> spammer sends a spam from a subnet, passes SPF. I will and have gone,
> looked at their record and blocked what they say is 'allowed' to send me
> spam.

What if they include the subnet containing AOL's outbound MX hosts?

Waitaminit, bad example...

What if they include the subnet containing Apache's outbound MX hosts?

As I said before, score on the total number of the hosts matched by the SPF record. Anything bigger than a class-C is suspicious. Anything bigger than a class-B is *very* suspicious. And if a big ISP SPFs their entire class-B, they are damned lazy.

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The question of whether people should be allowed to harm themselves
  is simple. They *must*.                           -- Charles Murray
-----------------------------------------------------------------------
 2 days until Bill of Rights day
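
The size-based scoring suggested in the message above, sketched as an added example that is not part of the original post or of any SpamAssassin code. It assumes only literal `ip4:` mechanisms are counted (`include:`, `a` and `mx` would need DNS lookups), and the function names, thresholds as constants, and sample records are constructed for illustration.

```python
import ipaddress

# Thresholds from the post: bigger than a class C (256 addresses) is
# suspicious, bigger than a class B (65536 addresses) is very suspicious.
CLASS_C = 2 ** 8
CLASS_B = 2 ** 16


def spf_ip4_networks(record):
    """Return the networks named by ip4: mechanisms that authorize senders."""
    nets = []
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        # Only pass (+) mechanisms widen the set of allowed senders.
        if qualifier != "+" or not mech.lower().startswith("ip4:"):
            continue
        try:
            nets.append(ipaddress.IPv4Network(mech[4:], strict=False))
        except ValueError:
            continue                         # malformed term: ignore it
    return nets


def authorized_host_count(record):
    """Count distinct IPv4 addresses, merging overlapping/adjacent ranges."""
    merged = ipaddress.collapse_addresses(spf_ip4_networks(record))
    return sum(net.num_addresses for net in merged)


def classify(record):
    """Return (address count, verdict) using the post's two thresholds."""
    count = authorized_host_count(record)
    if count > CLASS_B:
        return count, "very suspicious"
    if count > CLASS_C:
        return count, "suspicious"
    return count, "ok"


# Constructed sample records using documentation/private address space.
SAMPLES = {
    "small.example": "v=spf1 ip4:192.0.2.10 ip4:192.0.2.0/28 -all",
    "medium.example": "v=spf1 ip4:198.51.100.0/24 ip4:203.0.113.0/24 ~all",
    "huge.example": "v=spf1 ip4:10.0.0.0/8 ip4:10.1.0.0/16 -all",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(domain, *classify(record))
```

Overlapping ranges are collapsed before counting, so a record cannot inflate or hide its footprint by listing the same space twice.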