Menu
▾
▴
Re: [Sqlgrey-users] SPF record for google (was google alerts)
|
From: Lionel B. <lio...@bo...> - 2007-03-18 22:08:26
|
Dan Faerch wrote the following on 18.03.2007 21:47 : > Michael Storz wrote: > >> Yesterday, I forgot to check for a SPF record. Here it is: >> >> dig +short txt _spf.google.com. >> "v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 ip4:66.249.80.0/20 >> ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ?all" >> >> Instead of using *.google.com we could use all the relevant ip addresses, >> or use both. >> >> > I know Lionel hates SPF, I don't hate it. I even used it on both sides: publishing DNS TXT records and using them with SpamAssassin. I learned that on both sides it doesn't help much: - after publishing SPF records we had to setup an authenticated SMTP service which was not always usable by the staff working outside our building (when they were behind firewalls for example, which was most of the time...), then we setup a webmail which brought some problems of its own (lack of history, suboptimal interface, ...). - SpamAssassin had very low scores for SPF matches which clearly demonstrated that success or failure doesn't really mean much for the nature of the mails... > but would it be an idea to add SPF > functionality to the whitelist process? > > Ie. instead of *.google.com do "SPF:google.com" and have sqlgrey do all > the lookups? > Since it is illegal in Denmark (where i live) to send mail to anyone who > didnt request it (read spam), it would be cool for me to be able to add > "SPF:*.dk". > Assuming we adapt SQLgrey to allow asynchronous DNS lookups, how do you propose such entries would affect the behavior of SQLgrey? How should SQLgrey cope with both false SPF positives and negatives? Why should we use SPF for a part of the domain space and not all of it? Lionel |
