On Wed, 24 Jan 2018, Dianne Skoll wrote:

On Wed, 24 Jan 2018 14:20:57 -0800 (PST)
John Hardin <jhar...@impsec.org> wrote:

At this point, I would be willing to penalize sites with bad SPF
records (syntactically invalid; more than one different SPF record
attached to the same domain, etc.)  Those people really deserve
penalties because they've messed up.

Does that include "+all" or authorizing more than a class-B space
through any method, which I'd characterize as "malicious" rather than
"messed up"?

+all is malicious for sure.  More than a Class-B might just be bad
planning AKA Microsoft's outbound IP address list.

I was thinking more the case where subrange assignments were used to avoid explicitly using "+all" as a way to avoid naive malice checks, e.g. doing "+ip4:0.0.0.0/1 +ip4:255.0.0.0/1". For reliability the threshold size might need to be larger than a class-B (that was off-the-cuff), or it might need some explicit whitelisting for broken-yet-legit domains (AKA msft).

However, a malicious actor can use the "exists:" mechanism to simulate
+all in a way that can't easily be proven by an SPF evaluator. :(

I would like to see the exists: mechanism tossed.

So we add a point for using "exists:" and for defining multiple subranges that add up to > class-B (or whatever threshold seems reasonable) and for any other constructs that are abused by spammers to define "SPF pass wherever my bots send from".

It's sounding like we need "SPF cluebat" and "SPF malice" scoring plugins... :)


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  ...intellectuals have no interest in what _creates_ wealth, and
  what _inhibits_ the creation of wealth. They are very concerned
  about the _distribution_ of it, but they act as if wealth just
  exists somehow. It's like manna from heaven, it's only a
  question of how we split it up.                    -- Thomas Sowell
-----------------------------------------------------------------------
 3 days until the 51st anniversary of the loss of Apollo 1

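An added example, not from the thread or from SpamAssassin, sketching the "SPF malice" scoring John describes: it flags `+all`, the `exists:` mechanism, and `ip4:` ranges that, once overlapping and adjacent prefixes are merged, authorize more than a class-B. The domains and records are constructed, and `include:`, `a`, `mx` and `ip6:` handling is left out as a simplifying assumption.

```python
import ipaddress

CLASS_B = 2 ** 16  # thread's off-the-cuff threshold: more than a /16 is suspect

# Constructed sample records (not real domains). "split.example" uses the
# subrange trick from the thread: two /1 prefixes that together cover all IPv4.
RECORDS = {
    "tight.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all",
    "split.example": "v=spf1 +ip4:0.0.0.0/1 +ip4:255.0.0.0/1 -all",
    "exists.example": "v=spf1 exists:%{i}.spf.example -all",
    "plusall.example": "v=spf1 +all",
}


def spf_malice_score(record: str):
    """Return (score, reasons) for one SPF TXT record.

    Assumption: only ip4:, exists: and all are examined; include:, a, mx
    and ip6: terms are ignored here for brevity.
    """
    score, reasons, nets = 0, [], []
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = ""
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        passing = qualifier in ("", "+")     # SPF's default qualifier is "+"
        if mech == "all" and passing:
            score += 10
            reasons.append("+all")
        elif mech == "exists" and passing:
            score += 5
            reasons.append("exists: mechanism")
        elif mech == "ip4" and passing:
            try:
                nets.append(ipaddress.ip_network(arg, strict=False))
            except ValueError:
                score += 2
                reasons.append(f"unparsable ip4:{arg}")
    # Merge overlapping/adjacent prefixes so 0.0.0.0/1 + 255.0.0.0/1 (= 128.0.0.0/1)
    # is counted as the whole address space rather than two "small" ranges.
    total = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    if total > CLASS_B:
        score += 5
        reasons.append(f"ip4 mechanisms authorize {total} addresses (> class-B)")
    return score, reasons


if __name__ == "__main__":
    for domain, record in RECORDS.items():
        print(domain, spf_malice_score(record))
```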