Mailing List Archive

CID2SPF
Sorry if this has been asked ad nauseam, but I'm new to the list, new to
SPF (just got it up and running).

In running initial tests, the sample "mengwong@vw.mailzone.com" appears to
work ok, but it also looks like that address is hardwired into SPF to
produce a predetermined response. It doesn't LOOK like any type of DNS
lookup is being performed. Needless to say, forged addresses from sites
that I believe have SPF recs published do not reject. I have the CID2SPF
module installed as well.

Is there any way to debug SPF to determine just what I'm running into?
Running Sendmail 8.12.11, using the sendmail-milter method, perl 5.8.3,
and all required perl modules build per sendmail-minter-install.txt.

Thanks for any help!

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
Re: CID2SPF
On Wed, Jul 07, 2004 at 07:53:58AM -0400, leonard.gray@srs.gov wrote:
> In running initial tests, the sample "mengwong@vw.mailzone.com" appears to
> work ok, but it also looks like that address is hardwired into SPF to
> produce a predetermined response. It doesn't LOOK like any type of DNS
> lookup is being performed. Needless to say, forged addresses from sites
> that I believe have SPF recs published do not reject. I have the CID2SPF
> module installed as well.

It doesn't LOOK like it, but what is actually going on? Can you check
the logs of your (caching?) dns? Do you have a dns at all? What leads
you to the conclusion that it 'LOOKS' like any type of dns lookup is
being performed??

What are sites that you 'believe' have spf recs? Did you actually do a
dig/nslookup/host to see if they actually have SPF records or not, and
if so, what these records are?

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

Re: CID2SPF
Sorry for the previous babbling. I've learned tons in the last few hours.

Most of the failures I *thought* were occurring were returning "neutral"
as they're in transition. I checked the "high profile" domain list at
spf.pobox.com, ran manual nslookups, and found the transitional, soft, and
hard fail sites. SPF is working perfectly. Even hotmail and microsoft
return "neutral" for now, which I suppose will change in time.

Thanks for your response!
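
The neutral, softfail and fail results described in this message come down to the qualifier on the record's `all` mechanism. The block below is an added example, not part of the original post and not the Mail::SPF::Query code: a small offline evaluator limited to the `ip4`, `ip6` and `all` mechanisms, run over constructed records for hypothetical domains with documentation-range addresses.

```python
import ipaddress

# Qualifier prefix -> SPF result when the mechanism matches ("+" is the default).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample records (hypothetical domains, documentation IP ranges).
SAMPLES = {
    "transitional.example": "v=spf1 ip4:192.0.2.0/24 ?all",
    "softfail.example": "v=spf1 ip4:192.0.2.0/24 ~all",
    "hardfail.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "nospf.example": "some unrelated TXT record",
}

def evaluate(record, client_ip):
    """Evaluate one SPF record against a client IP without any DNS lookups."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                          # no SPF policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if "=" in term.split(":")[0]:
            continue                           # modifier (redirect=, exp=)
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term[1:] if term[0] in QUALIFIERS else term
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]       # catch-all decides the default
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # a, mx, include, ptr and exists need DNS; this sketch skips them.
    return "neutral"                           # nothing matched, no "all"

def evaluate_samples(client_ip):
    """Return {domain: result} for every constructed sample record."""
    return {d: evaluate(r, client_ip) for d, r in SAMPLES.items()}

if __name__ == "__main__":
    for label, ip in (("listed sender", "192.0.2.10"),
                      ("unlisted sender", "198.51.100.7")):
        for domain, result in evaluate_samples(ip).items():
            print(f"{label:16} {ip:14} {domain:22} {result}")
```

Only the `-all` record gives a receiver a result it can reject on; the `?all` record returns neutral for the same unlisted address.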

Re: CID2SPF
In <OF8F4A2613.2384FC92-ON85256ECA.0040AD05-85256ECA.00415DBB@srs.gov> leonard.gray@srs.gov writes:

> I have the CID2SPF
> module installed as well.


For what it is worth, I recommend not using the CID2SPF module for one
simple reason: almost no one is publishing only Microsoft's Caller-ID
records.

This is based on a couple of surveys I've done on 1.3 million email
domains; the most recent was a couple of weeks ago. (I posted results
to the SPF-discuss and the IETF MARID lists). I found only a couple
dozen domains that published Caller-ID exclusively, only three of
which have any significant email traffic. Those three are
hotmail.com, microsoft.com and exchange.microsoft.com.

In the month between my first and second surveys, I found only three
new domains publishing Caller-ID information (compared with thousands
of new SPF publishers). Microsoft is abandoning the Caller-ID spec
in favor of the newer (and better) Sender-ID spec, which is still
going through development in the IETF. It appears that Sender-ID
will use the SPF records as its basis instead of the Caller-ID
records.


Basically, using CID2SPF is a waste of time/resources and will almost
certainly become even less useful in the future.

If you are using SPF for whitelisting, instead of just rejecting
forged email, then I would recommend using the perl M:S:Q's and/or
libspf2's (aka libspf-alt) "override" functionality to create SPF
records for Hotmail and Microsoft.


-wayne
