On Mon, January 29, 2007 14:38, Mike Jackson wrote: > Before my actual question, here's a little background. Right now, I see how > pointless SPF is; few domains publish records, even fewer MTAs running in > the wild use SPF to accept/reject mail. When I look at the SPF scoring on my > server (where I'm running an SPF milter for Sendmail), most of the mail with > neutral SPF answers were sent from servers that should in no way be > authorized to send mail for the domain. So, it got me thinking...
spf is only as good as who is using it, SARE theam will add more whitelist_from_spf if needed, in the end we can benefit all if hostmasters/postmasters care more on spf, i admit, but i belive that forwarding mails servers is to scary for them :/ > Shouldn't mail be sent through the MX for a domain? if you setup thunderbird to deeliver mail to a smtp server that is final destinaion then its not relaying, and should be ok so how many scripts kiddies cant make that ? > Yes, I know MX records are for receiving mail, but in common practice the > servers they represent do double duty, both receiving mail from the outside > world and allowing users to send mail as well. Somewhere in the Received: > headers, it seems like you would see one of the MXes as a sender on most > legitimate messages. I'm sure someone's had this idea before (it's so > obvious that I can't believe that they wouldn't), but there must be some > reason it's not used as a flag for incoming spam. I've been thinking about > investing some time into writing a SpamAssassin plugin that would check the > Received headers for signs of an MX for the sender, but would I be wasting > my time? dig mxhostname to get the a record compare if that ip was the last recieved ip if a domain have no mx record, use the a record anyway should be it :-) just that spf was designed to be the domain sender authed makes it a bit better then just check mx is equal to the a record from the headers so to you question about trustness mx should be trusted, but its not usefull to do it one have a patch to spf test in spammassassin ?, there could and will be false positive, but anyway, we hate forwarding spam, no ? and hotmail.com have 1 million ips in there spf records, who loves them ? current rbldnsd have a cidr limit so 0.0.0.0/0 cant be valid -- This message was sent using 100% recycled spam mails.
