Ruleset to lock domain to IP address

Glenn Steen glenn.steen at gmail.com
Thu Oct 26 17:35:55 IST 2006


On 26/10/06, Matt Kettler <mkettler at evi-inc.com> wrote:
> Glenn Steen wrote:
> > On 26/10/06, Matt Kettler <mkettler at evi-inc.com> wrote:
> >> As you've seen, anyone can create a giant "SPF hole", either by SPFing a
> >> unmoderated list, or by just creating a SPF record that passes
> >> everything. But
> >> that's OK. This doesn't break SPF the purpose of SPF.
> >
> > Exactly. And as I said, it's not really SPF I don't like, but the
> > "bad" admin (who has been notified about the problem... Not answering
> > mails to postmaster... Sigh. For everything else, they run a very tidy
> > shop, so .... this just nettles me:).
>
> Yeah, but my point is there's NOTHING WRONG with what this admin is doing. It's
> perfectly valid and within expected behavior to do this to a public mailing list.

Ok, Ok, I get it...:-).

> Why would this application of SPF be bad?
>
> Or am I misunderstanding what you mean by "unprotected"? ie: is it a "anyone can
> add subscribers" or "anyone can post"?
>
> If the later, it's not really much different than sourceforge.
:-)

> > e difference between UBS and Lehman, in a nutshell:-D.
> > With the latter (and some other big financial players like MSCI) I
> > have to use *something* to bring their score averages down, and it has
> > so far been diverse def_white* things (I'm sure there are better ways
> > to do this, but these suit me ATM:-)
>
> Ahh, so your problem here isn't really SPF, it's with using SPF based whitelist
> for a site that doesn't really fit all the proper criteria for whitelisting,
> because not all of their activities are trusted. :)

Yup.

> I agree.. whitelisting sucks, and I avoid it whenever possible. :)
>
> I have a total of 14 whitelist_* entries in my config beyond what SA ships with.
> If you exclude whitelists for spam discussion lists (ie: this one), and parts of
> my own network, I only have 8.
>
Completely agree. I've got 5... and a PHB that is forever bitching me
to add more. So far I've had very selective hearing:-).

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list