Michael Scheidell wrote:

#2, hallmark ITSELF has broken spf records (compounds the problem)

That IS the problem as I understand it. It appears that Hallmark has made a legitimate effort to publish an accurate SPF record identifying their systems. Unfortunately the record is unnecessarily too long and needs to be condensed. A quick glance tells me that there are 10+ ip4: addresses that could be combined into 2 or 3 ip4:s using CIDR notation. This would result in the record fitting into the required length.


#3, the SPF plugin is broken, it sets SPF_PASS on hallmark's broken spf
record.

I beg to differ. The SPF plugin is not broken. The SPF plugin doesn't even see or know what an SPF record is. At best there's an issue with Mail::SPF::Query or Mail::SPF that you should bring to Julian Mehnle's attention if the problem is present in the current version of Mail::SPF.


#4, if I go to 'joesnewsite.com' and email a link to a friend, 'joe' is
too stupid to set the correct headers, and the person I send to might
bounce it since joe isn't an authoritative server.

I'm not sure what this has to do with your issue with Hallmark's broken SPF record.


#5, the ~ and ? Records are stupid, and should be totally ignored by SPF
plugins.

Again, I disagree and can guarantee that SA's behaviour will not change in regard to this. Either it will pass and get SPF_PASS or it will terminate with either ~ or ? and get SPF_SOFTFAIL or SPF_NEUTRAL respectively. If you don't like ~ and ? then just ignore SPF_SOFTFAIL and SPF_NEUTRAL. In fact, for anything requiring any sort of auth indication SA does ignore the latter two.


#6, SPF could not have been used in this specific case to block a
'phish' hallmark card since due to one of many of the above issues, the
SA supported SPF plugins VALIDATED the source as 'SPF_PASS' for the
phishing email.

Again if the current version of Mail::SPF returns a pass result when a record is too long (and the submitter's IP isn't in the allowable length of the record) then the community would be best served by you bringing this up with Julian, on one of the SPF lists, rather than ranting about it here.


SPF is broken. (but I do use it, I publish SPF and SENDER-ID records,
and use them in scoring, even though SPF is broken)

Follow the thread from the beginning, maybe it will make more sense to
you.

If your mail client didn't annoyingly break threading it would be a heck of a lot easier to follow your threads.


Daryl
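
The CIDR condensing suggested in the reply above, as an added example (not part of the original message, and not SpamAssassin or Mail::SPF code). It assumes the length limit in question is the 255-octet cap on a single DNS TXT character-string; the sample record is constructed from documentation address ranges and is not Hallmark's data.

```python
import ipaddress

# Assumption: the limit is the 255-octet cap on one DNS TXT character-string.
TXT_STRING_LIMIT = 255

# Constructed sample record: many single-host ip4: terms, as in the thread.
SAMPLE_RECORD = "v=spf1 " + " ".join(
    [f"ip4:192.0.2.{i}" for i in range(16, 32)]
    + [f"ip4:198.51.100.{i}" for i in range(8, 16)]
    + ["ip4:203.0.113.0/25", "ip4:203.0.113.128/25", "mx", "~all"]
)


def _flush(run, out):
    """Emit a run of pass-qualified ip4 networks as the fewest CIDR blocks."""
    for net in ipaddress.collapse_addresses(run):
        host_only = net.prefixlen == 32
        out.append(f"ip4:{net.network_address}" if host_only else f"ip4:{net}")
    run.clear()


def condense_spf(record):
    """Merge consecutive ip4: mechanisms without changing the evaluation result.

    SPF is evaluated left to right and the first match wins, so only
    uninterrupted runs of pass-qualified ip4: terms are merged. Terms with
    another qualifier (-ip4:, ~ip4:, ?ip4:) and all other mechanisms keep
    their position and text.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    out, run = [terms[0]], []
    for term in terms[1:]:
        body = term[1:] if term.startswith("+") else term  # '+' is the default
        if body.lower().startswith("ip4:"):
            run.append(ipaddress.ip_network(body[4:], strict=False))
        else:
            _flush(run, out)
            out.append(term)
    _flush(run, out)
    return " ".join(out)


def fits_txt_string(record):
    """True if the record fits in one TXT character-string."""
    return len(record.encode("ascii")) <= TXT_STRING_LIMIT


if __name__ == "__main__":
    condensed = condense_spf(SAMPLE_RECORD)
    print(len(SAMPLE_RECORD), fits_txt_string(SAMPLE_RECORD))
    print(len(condensed), fits_txt_string(condensed), condensed)
```
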
