> Matus UHLAR - fantomas <[EMAIL PROTECTED]> writes: > > Maybe the SA people decided not to do that. Maybe only those > > should provide SPF records who can verify their own customers - > > why should you use SPF otherwise?
On 25.03.08 18:25, Enrico Scholz wrote: > Sorry, I don't understand the logic behind this... I mean, is SPF usefull for a domain, when some hosts (even not trusted) can send you mail from that domain, without authentication? > >> What would be the sideeffects of adding '+ip4:192.168.0.0/16' > >> to the SPF record? > > > > mailservers on other networks could have FP's when receiving > > spam with your domain from their private networks... > > An SPF_PASS is pretty worthless (there are rumors that more > SPF_PASS are generated by spammers than by legitimate mail ;) ), > but SPF_FAIL can give important scores to mark spam as such one. I should have said FN's. Hosts would get SPF_PASS even when they should get SPF_FAIL. So, any server in the world using internal addresses in 192.168/16 could be spammed by hosts on the same network, using your domain and the spams would get SPF_PASS. And you would get bounces. > For now, I added the whole IANA blackhole ranges to my SPF > record... The openspf documentation uses this in an example too > so it should be ok. So anyone with private range can now spam using your domain on its network, without SPF to fire? Why? -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
