On 26.01.17 19:53, David Jones wrote:
I understand what their SPF record means and how it works
but what they are publishing in their SPF record is not common.
Normally this would expand out to a list of IPs and CIDRs or DNS
records that can be turned into IPs that postwhite can use to build
a list for bypassing RBL checks.
SPF was never designed to create such lists. They can get easily obsolete,
miss some IPs and/or have some IPS that don't belong there.
Their SPF record can really only be evaluated by the MTA during
the SMTP conversation.
SPF records can be perfectly parser by SA or other software at
different time.
The main problem with parsing mail logs is the chicken-and-the-egg
issue where you may block a Yahoo mail server with an RBL for a
short period until you process the logs.
what informations do you search in logs that are not in mail headers?
I think they publish their SPF like this because they have no good
list of outbound mail servers themselves so they take the lazy
approach.
I believe that ptr method is one of best methods to implement in spf,
contrary what the authors say. (I believe) Most of MTAs verify fcrdns of
connecting
server so all required information are available in DNS cache at the time of
SPF processing.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)
