On Tue, 8 Aug 2006, Rob McEwen wrote:
The following are what I have deemed as frequently used official e-bay smtp
servers. This list might be used for whitelisting or/and negative scoring:
66.135.195.180-181
66.135.195.254
66.135.197.7-29
66.135.197.164
66.135.207.155
66.135.209.198-221
66.135.215.231-240
216.113.168.128
216.113.168.139
216.113.184.201-203
216.113.188.96
216.113.188.112
216.113.188.202
But I make no guarantees about this list. Please correct me if there are any
errors or omissions. Use at your own risk.
By looking up their SPF records, you get a much larger list:
s._spf.ebay.com descriptive text "v=spf1 ip4:66.135.209.192/27
ip4:66.135.197.0/27 ip4:64.4.240.64/27 ip4:64.4.244.64/27 ~all"
m._spf.ebay.com descriptive text "v=spf1 ip4:66.135.215.224/27
ip4:216.33.244.96/27 ip4:216.33.244.84 ~all"
p._spf.ebay.com descriptive text "v=spf1 ip4:67.72.99.26 ip4:206.165.246.83
ip4:206.165.246.84 ip4:206.165.246.85 ip4:206.165.246.86 ip4:64.127.115.252
ip4:194.64.234.129/27 include:p2._spf.ebay.com ~all"
p2._spf.ebay.com descriptive text "v=spf1 ip4:65.110.161.77 ip4:204.13.11.49
ip4:204.13.11.51 ~all"
c._spf.ebay.com descriptive text "v=spf1 ip4:12.155.144.75 ip4:62.22.61.131
ip4:63.104.149.126 ip4:64.68.79.253 ip4:64.94.204.222 ip4:66.135.215.134 ip4:67.72.12.29
include:c2._spf.ebay.com ~all"
c2._spf.ebay.com descriptive text "v=spf1 ip4:80.93.9.10 ip4:195.234.136.12
ip4:203.49.69.114 ip4:209.63.28.11 ip4:210.80.80.136 ip4:212.110.10.2 ip4:212.147.136.123
include:c3._spf.ebay.com ~all"
c3._spf.ebay.com descriptive text "v=spf1 ip4:213.219.8.227
ip4:216.113.168.128 ip4:216.113.175.128 ip4:216.177.178.3 ip4:217.149.33.234
ip4:220.248.6.124 ip4:67.72.12.30 include:c4._spf.ebay.com ~all"
c4._spf.ebay.com descriptive text "v=spf1 ip4:216.113.188.112
ip4:80.66.137.58 ip4:212.208.64.34 ip4:216.113.188.96 ip4:216.33.244.6 ip4:216.33.244.7
~all"
Grabbing the IP addresses out of that looks like this:
12.155.144.75
62.22.61.131
63.104.149.126
64.127.115.252
64.4.240.64/27
64.4.244.64/27
64.68.79.253
64.94.204.222
65.110.161.77
66.135.197.0/27
66.135.209.192/27
66.135.215.134
66.135.215.224/27
67.72.12.29
67.72.12.30
67.72.99.26
80.66.137.58
80.93.9.10
194.64.234.129/27
195.234.136.12
203.49.69.114
204.13.11.49
204.13.11.51
206.165.246.83
206.165.246.84
206.165.246.85
206.165.246.86
209.63.28.11
210.80.80.136
212.110.10.2
212.147.136.123
212.208.64.34
213.219.8.227
216.113.168.128
216.113.175.128
216.113.188.112
216.113.188.96
216.177.178.3
216.33.244.6
216.33.244.7
216.33.244.84
216.33.244.96/27
217.149.33.234
220.248.6.124
Of course, it is probably better to use whatever they publish
through DNS rather than your own fixed copy of the list,
which is bound to go out of date. Especially since a list
that long is likely to be out of date pretty quickly.
Also, in my previous message, I suggested maybe the original
poster should add some def_whitelist_from_spf configuration
lines. "perldoc Mail::SpamAssassin::Plugin::SPF" seems to
indicates that "whitelist_from_spf" (no "def") would be better.
Sort of on the same subject, is there any kind of network
whitelist of domains that both (a) can be trusted to themselves
not send out spam and (b) have valid SPF records? SPF strikes
me as a useful way of authenticating that messages were
not forged. But a spammer could get a server, register a
domain, and register valid SPF records. So you need both (a)
and (b) to be sure a message isn't spam. With a whitelist
of domains that use SPF and don't themselves send spam, you
could give a huge negative score to messages from that domain.
A distributed database would make it possible to make this
list pretty extensive (but never, of course, exhaustive).
Of course, the data in the distributed database would have
to be trustworthy...
- Logan
