Yeah, this is useful for manually maintaining a list of domains for which you 
want to check spf records and update the whitelist. I.e. domains such as 
hotmail.com and google.com which fulfill the following requirements:
a) use round-robin sending mailservers  
b) are somewhat trusted 

I do this with scripts today (including one from you Daniel :)

/J

* Daniel Ouellet ([email protected]) wrote:
> Dave Anderson wrote:
>> On Wed, 22 Apr 2009, jared r r spiegel wrote:
>>
>>> On Thu, Apr 23, 2009 at 12:30:28AM +0000, Stuart Henderson wrote:
>>>
>>>> I see a tiny little problem with this method... sometimes people send
>>>> spam from domains whose DNS they control.
>>>  +1
>>>
>>>  i think part of the success i experience using SPF as a means to create
>>>  whitelists is in the fact that i maintain the list of domains i fancy
>>>  whitelisting.  unfortunately, it would be trivial for someone to take
>>>  advantage of an spf-based automatic whitelist to slip right on thru
>>>  spamd(8).
>>>
>>>  it's a pisser.
>>
>> What might make sense is to alter the script to generate a list of
>> candidates for whitelisting, but only apply any of them after they are
>> manually approved.
>
> Or to maybe allow to actually have a list that the script could check  
> against to make the changes, which would achieve the user intended  
> results and at the same time eliminating the possibility to have one  
> domain adding its own records if that's not restricted.
>
> Like you could create a google.com in the list and that would allow  
> connection from google being automatically added via the SPF records,  
> but no others would unless you manually add their name to the allow auto  
> extension of the SPF name list.
>
> Just a thought, not sure it's the best idea, but that's one way to keep  
> it automatic like intended to be used.
>
> Daniel
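
The approach discussed in this thread (expand SPF records into whitelist entries only for domains on a hand-maintained list, and hold everything else for manual approval), as an added example that is not code from any poster in the thread. The domain names, the `SAMPLE_TXT` records standing in for live DNS, and the function names are constructed for illustration; only `ip4:`, `ip6:`, `include:` and `redirect=` terms are handled, so `a`, `mx`, `exists` and macros are skipped.

```python
import ipaddress

# Constructed TXT records standing in for live DNS (documentation address ranges).
SAMPLE_TXT = {
    "bigmail.example": "v=spf1 include:_spf.bigmail.example ip4:192.0.2.0/24 ~all",
    "_spf.bigmail.example": "v=spf1 ip4:198.51.100.0/25 ip6:2001:db8:10::/48 -all",
    "spammer.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "loop.example": "v=spf1 include:loop.example ip4:192.0.2.128/25 -all",
}
APPROVED = {"bigmail.example", "loop.example"}  # hand-maintained, hypothetical

def spf_networks(domain, lookup, seen=None):
    """Collect networks from passing ip4:/ip6: terms, following include:/redirect=."""
    seen = set() if seen is None else seen
    domain = domain.lower().rstrip(".")
    if domain in seen or len(seen) >= 10:  # stop include loops and runaway chains
        return set()
    seen.add(domain)
    record = lookup(domain)
    if not record or not record.lower().startswith("v=spf1"):
        return set()
    nets = set()
    for term in record.split()[1:]:
        if term[0] in "-~?":  # only terms that evaluate to "pass" may whitelist
            continue
        term = term.lstrip("+")
        key, _, val = term.partition(":")
        key = key.lower()
        if key in ("ip4", "ip6") and val:
            try:
                net = ipaddress.ip_network(val, strict=False)
            except ValueError:
                continue  # malformed address: ignore rather than whitelist
            if net.version == int(key[2]):
                nets.add(net)
        elif key == "include" and val:
            nets |= spf_networks(val, lookup, seen)
        elif term.lower().startswith("redirect="):
            nets |= spf_networks(term[len("redirect="):], lookup, seen)
    return nets

def build_whitelist(candidates, approved, lookup):
    """Expand SPF only for approved domains; return the rest for manual review."""
    allowed, pending = set(), []
    for dom in candidates:
        dom = dom.lower().rstrip(".")
        if dom in approved:
            allowed |= spf_networks(dom, lookup)
        else:
            pending.append(dom)
    return sorted(str(n) for n in allowed), pending
```

A domain that publishes its own SPF record but is not on the approved list contributes nothing to the whitelist; it only shows up in the pending list.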
