On 8/15/2014 1:50 PM, David F. Skoll wrote:
On Fri, 15 Aug 2014 10:39:03 -0700 (PDT)
John Hardin <jhar...@impsec.org> wrote:
On Fri, 15 Aug 2014, David F. Skoll wrote:
SPF is so easy ("v=spf1 +all")
Doing *that* should be worth a point or two by itself.
Yes. I even through about implementing it, but there are so many ways
to achieve this:
v=spf1 +all
v=spf1 ip4:128.0.0.0/1 ip4:0.0.0.0/1
v=spf1 exists:openspf.org
... etc...
that we really need an SPF normalizing library that tells you what
percentage of IPv4 space would pass, and then add points for anyone claiming
(say) that more than 1% of total IPv4 space is OK. (Though the exists:
mechanism is nasty; not sure you even can predict what percentage of
IPv4 is covered in complex cases.)
Regards,
David.
I guess the logical next question would be what proportion of spam uses
universal SPF to eke out negative points. Has anyone seen this sort of
thing in the wild?
