<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: Domain spoofing - was Re: [anti-spam-wg@localhost] I wrote a spamfilter in Perl

  • To: "pna.lists" < >
    < >
  • From: Paul Wouters < >
  • Date: Wed, 8 Oct 2003 14:13:09 +0200 (MET DST)

On Wed, 8 Oct 2003, pna.lists wrote:

> Shouldn't we start implementing SPF?
> 
> http://yro.slashdot.org/article.pl?sid=03/10/06/0044200
> 
> http://spf.pobox.com/

"We're in an experimental stage right now: we need lots of domains to publish 
SPF records so we can see if there's anything wrong with the idea of 
wildcards and TXT records"

The idea of advertising who is allowed to send for a domain is good. I had 
talked to various people about the idea of doing this with the MX record,
but obviously not everone has incoming and outgoing mailservers on the 
same box.

Doing it in TXT records is clumsy. We (as in IETF dnsex group) are doing something
really wrong if people need to keep abusing the TXT records for stuff. I guess
it would be good to start with, but ideally a new RRtype should be used.

Last, since I'm personally doing lots of dnssec stuff, I really do not want to put
in wildcards in my dns. My hatred for wildcards is only marginally less then my
hatred for spam.

I'd implement a similar idea that does not depend on wildcards immediately for all
our domains, which if they are .nl domains, are then even dnssec signed as well.

(now let's all push RIPE to sign the their in-addr.arpa zones :)

Paul




  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>