Ruleset to lock domain to IP address
Matt Kettler
mkettler at evi-inc.com
Thu Oct 26 16:22:47 IST 2006
Glenn Steen wrote:
> On 26/10/06, Matt Kettler <mkettler at evi-inc.com> wrote:
>> As you've seen, anyone can create a giant "SPF hole", either by SPFing a
>> unmoderated list, or by just creating a SPF record that passes
>> everything. But
>> that's OK. This doesn't break SPF the purpose of SPF.
>
> Exactly. And as I said, it's not really SPF I don't like, but the
> "bad" admin (who has been notified about the problem... Not answering
> mails to postmaster... Sigh. For everything else, they run a very tidy
> shop, so .... this just nettles me:).
Yeah, but my point is there's NOTHING WRONG with what this admin is doing. It's
perfectly valid and within expected behavior to do this to a public mailing list.
Why would this application of SPF be bad?
Or am I misunderstanding what you mean by "unprotected"? ie: is it a "anyone can
add subscribers" or "anyone can post"?
If the later, it's not really much different than sourceforge.
> e difference between UBS and Lehman, in a nutshell:-D.
> With the latter (and some other big financial players like MSCI) I
> have to use *something* to bring their score averages down, and it has
> so far been diverse def_white* things (I'm sure there are better ways
> to do this, but these suit me ATM:-)
Ahh, so your problem here isn't really SPF, it's with using SPF based whitelist
for a site that doesn't really fit all the proper criteria for whitelisting,
because not all of their activities are trusted. :)
I agree.. whitelisting sucks, and I avoid it whenever possible. :)
I have a total of 14 whitelist_* entries in my config beyond what SA ships with.
If you exclude whitelists for spam discussion lists (ie: this one), and parts of
my own network, I only have 8.
More information about the MailScanner
mailing list