On Friday 03 August 2007, Michael Scheidell wrote:
> (yes, spf is broken) especially when companies like hallmark, who know
> they are being used as 'phishing' targets list the whole world as
> authoritative mail servers.
>
> I say damn them all, blacklist hallmark till they at least fix their spf
> records: (i suspect its the :12" "9 )? shb a period?

I have a good friend who patches his qmail so that if it sees a spf record that is extra wide, he reverses its meaning.

----- Quoting from qmail.jms1.net ----

Some people are improperly treating "SPF pass" as a strong non-spam flag when evaluating the "spam level" of a message. Spammers ARE taking advantage of this by placing +all in the SPF records of the domains that they purchase for the purposes of sending spam. What this does is tells the receiving server that ANY IP ADDRESS is allowed to send messages claiming to be "From:" that domain.

Obviously this is not a good thing, for two reasons. First, spammers are bypassing the filtering that SPF should be offering. Second, people are placing a lot more trust in SPF than they should. An "SPF failure" result can be used to place a lower trust value on a particular message, but as long as spammers are able to purchase their own domain names and create their own SPF records, an "SPF pass" result should not be used to place any higher trust value on a message.

I have added an option to treat a +all term found within an SPF record as if it said -all. This can be enabled by creating an SPF_BLOCK_PLUS_ALL environment variable with a value other than "0". Note that this variable is checked at the time the SPF check itself is done, which means if you want to add, change, or delete this variable using the AUTH_SET variables, you can.

Linky here: http://qmail.jms1.net/patches/combined-details.shtml

--
Phil Barnett
AI4OF
SKCC #600
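
The +all handling quoted above, as an added Python sketch (not part of the original message and not the qmail patch's own code). The function names, the choice to treat an unset SPF_BLOCK_PLUS_ALL as disabled, and the /8 threshold used to flag "extra wide" ip4 terms are assumptions; the sample records are constructed.

```python
import ipaddress
import os

def split_term(term):
    """Return (qualifier, mechanism); a missing qualifier means '+' (RFC 7208)."""
    if term[0] in "+-~?":
        return term[0], term[1:]
    return "+", term

def is_wide_ip4(mech, min_prefix=8):
    """True when an ip4 term covers more than a /min_prefix (assumed threshold)."""
    name, _, value = mech.partition(":")
    if name.lower() != "ip4" or not value:
        return False
    try:
        return ipaddress.ip_network(value, strict=False).prefixlen < min_prefix
    except ValueError:
        return False  # malformed address: leave it to the real SPF evaluator

def harden_spf(record, env=None):
    """Rewrite a pass-everything 'all' to '-all' when SPF_BLOCK_PLUS_ALL is
    set to anything but "0". Returns (record_to_evaluate, findings)."""
    env = os.environ if env is None else env
    block_plus_all = env.get("SPF_BLOCK_PLUS_ALL", "0") != "0"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return record, ["not-spf1"]
    out, findings = [terms[0]], []
    for term in terms[1:]:
        if "=" in term and ":" not in term.split("=", 1)[0]:
            out.append(term)  # modifier such as redirect= or exp=, untouched
            continue
        qualifier, mech = split_term(term)
        if mech.lower() == "all" and qualifier == "+":
            findings.append("plus-all")  # bare "all" is an implicit +all
            if block_plus_all:
                term = "-all"
        elif qualifier == "+" and is_wide_ip4(mech):
            findings.append("wide:" + mech)  # flagged only, never rewritten
        out.append(term)
    return " ".join(out), findings

if __name__ == "__main__":
    # Constructed records, not taken from any real domain.
    for rec in ("v=spf1 +all", "v=spf1 ip4:0.0.0.0/1 ip4:192.0.2.0/24 ~all"):
        print(harden_spf(rec, env={"SPF_BLOCK_PLUS_ALL": "1"}))
```
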