Dave Anderson wrote:
On Wed, 22 Apr 2009, jared r r spiegel wrote:

On Thu, Apr 23, 2009 at 12:30:28AM +0000, Stuart Henderson wrote:

I see a tiny little problem with this method... sometimes people send
spam from domains whose DNS they control.
 +1

 i think part of the success i experience using SPF as a means to create
 whitelists is in the fact that i maintain the list of domains i fancy
 whitelisting.  unfortunately, it would be trivial for someone to take
 advantage of an spf-based automatic whitelist to slip right on thru
 spamd(8).

 it's a pisser.

What might make sense is to alter the script to generate a list of
canditates for whitelisting, but only apply any of them after they are
manually approved.

Or to may be allow to actually have a list that the script cold checked against to make the changes, witch would achieve the user intended results and at the same time eliminating the possibility to have one domain adding it's own records if that's no restricted.

Like yo could create a google.com in the list and that would allow connection from google being automatically added via the SPF records, but no others would unless you manually add their name to the allow auto extension of the SPF name list.

Just a thought, not sure it's the best idea, but that's one way to keep it automatic like intended to be use.

Daniel

Reply via email to