On Sat, 2009-07-04 at 07:29 +1000, Res wrote:
> On Fri, 3 Jul 2009, Benny Pedersen wrote:
> 
> >
> > On Fri, July 3, 2009 15:13, rich...@buzzhost.co.uk wrote:
> >
> > followup:
> >
> > v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
> >
> > in dns
> >
> > v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
> > localhost. IN TXT "v=spf1 a -all"
> > mail1.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> > mail2.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> > mail3.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> > smtp.spamsandwich.co.uk. IN TXT "v=spf1 a -all"
> > spam2.spamology.co.uk. IN TXT "v=spf1 a -all"
> >
> >
> > well it's your domain, your problem to add this to dns, not my problem
> >
> 
> Why are people still using the outdated and no longer recommended 
> domain TXT method?
> 
> The RR type SPF was ratified some time ago. If an OS uses an antiquated 
> resolver that does not know about the SPF RR, that too is the operator's 
> problem, no one else's.
> 
> 
The domain concerned is one of around 800 used to harvest spam. They are
spread across hosts and are predominantly for incoming mail. Some have
'spoof' websites and forums - in fact I think buzzhost has some telecom
wiring stuff thrown together. The non-working forums and comments boards
are a great way to harvest information about another kind of spam - web
'forum' spam. You often get to see links posted in forums before they
appear in emails.

This is why I really don't care about the broken DNS. It does not matter
as they are, mostly, not outgoing MX's. Sure - Benny seems to get a
little excited about it - but I'm not really that bothered. Apart from
the SPF there are some other great howlers in there too. Like lowest
priority pointing to localhost - that always makes me giggle when I
think of those 'lowest priority' bots trying to effectively connect to
themselves.

As for the RR for SPF, yep. I'm aware of that too. I have found -
however - that lots of small businesses don't even have SPF let alone
PTR and getting them to use RR TXT for spf is hard enough, let alone RR
SPF. An easy way to fix this is to block everything without a valid SPF
record, but in the real world I don't see lots of mail admins doing it.
As an aside to this my time at Barracuda gave me some concerns about the
DNS load of SPF. Whilst it may be specific to their flaky 'BSMTP' proxy
MTA implementation, activating SPF checks on their units will slowly
kill the unit until it crashes and the mail backs up. Another one of
those Barracuda 'features' that is fine until you try to use it....
(much like outgoing DKIM but don't get me started). So, taking things on
balance, SPF is a great idea - but compliance is patchy. Even Benny's
"You don't have SPF so I'm blocking you" was clearly b/s when I tried it
with other MX's with no SPF. Nothing more than a kiddy rule set-up
FWICS. 

Hopefully this answers any questions raised about 'buzzhost'. I can't
see why there is that much interest, but I'm flattered. Benny - if you
want to get in my pants darling, I don't play hard to get. Buy me a
drink and give me a kiss and I'm all yours.
