On Fri, Apr 24, 2009 at 11:01 AM, Dan Harnett <dan...@harnett.name> wrote:
>> On top of that, if VeriSign could be tricked into signing a fake
>> Microsoft ActiveX key, can you really trust the authorities?
>
> Are you implying SPF records are validated somewhere and signed by a
> trusted third party? They're not. They're provided by the bad guys. A
> more proper analogy would be that you received an ActiveX control signed
> by "The Bad Guys Who Do Bad Things". They were nice enough to sign it,
> so you accept it.
>
I was implying no such thing. I was referring to using WHOIS to block spammers on the basis of the date the domain was registered.

> asfjsakf1359.com TXT "v=spf1 a:mail.asfjsakf1359.com ip4:0.0.0.0/0 ~all"

Ok, now that gives us a pointer by which to block fraudulent folk. That record means anyone and everyone can send an email using that domain name. A proper SPF record wouldn't have an all-encompassing IP range. In fact, who in the world would have anything more than a /7 block?

However that alone wouldn't deter any spammer - just limit the range to what's accepted and you're in. And any limit you set will only cause more dramas. Sure you could limit it to /24 and smaller, or even to single addresses, but what about those select folk who have been assigned /8 classless subnets? That's a whole lotta SPF records for one subdomain.

No solution is perfect, but a small group of imperfect solutions is a far cry better than no solutions at all and our mailboxes being inundated with spam. The problem's here to stay, all we can do is deal with it as best we can.

--
Aaron Mason AKA Absorbent Shoulder Man
Oh, why does everything I whip leave me?
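
An added example, not part of the original message: a receiver-side check of the `ip4` terms in an SPF record, comparing a per-term prefix limit with the total share of IPv4 space the record authorises. The function names, the /8 limit, the 1% share threshold and the second and third sample records are assumptions made for illustration.

```python
import ipaddress

QUALIFIERS = "+-~?"

def ip4_networks(record):
    """Return the IPv4 networks that a 'v=spf1' record authorises via ip4 terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    nets = []
    for term in terms[1:]:
        # A missing qualifier means '+' (pass); only passing terms authorise senders.
        qualifier, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if qualifier == "+" and body.lower().startswith("ip4:"):
            # A bare address parses as a /32. a:, mx: and include: would need DNS
            # lookups and are not resolved here.
            nets.append(ipaddress.IPv4Network(body[4:], strict=False))
    return nets

def audit(record, min_prefix=8, max_share=0.01):
    """List reasons to distrust the record's ip4 coverage (thresholds are assumed)."""
    nets = ip4_networks(record)
    findings = [f"ip4:{n} is wider than /{min_prefix}"
                for n in nets if n.prefixlen < min_prefix]
    # Merge overlapping and adjacent ranges so the total is counted once.
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    share = covered / 2**32
    if share > max_share:
        findings.append(f"ip4 terms cover {share:.1%} of IPv4 space")
    return findings

# The record quoted in the message.
PAGE_RECORD = "v=spf1 a:mail.asfjsakf1359.com ip4:0.0.0.0/0 ~all"
# Constructed: the same coverage written as 256 separate /8 terms.
SPLIT_RECORD = "v=spf1 " + " ".join(f"ip4:{i}.0.0.0/8" for i in range(256)) + " ~all"
# Constructed: a narrow record using documentation address ranges.
NARROW_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all"

if __name__ == "__main__":
    for rec in (PAGE_RECORD, SPLIT_RECORD, NARROW_RECORD):
        print(rec[:60], "->", audit(rec))
```

The split record passes the per-term limit and is caught only by the aggregate share, which is the weakness of a fixed range limit that the message points out.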