Home page logo

nanog logo nanog mailing list archives

Re: On the inoc-dba subject
From: Jon Lewis <jlewis () lewis org>
Date: Mon, 6 Feb 2006 11:07:45 -0500 (EST)

On Mon, 6 Feb 2006, Joe Maimon wrote:

pch.net publishes a SPF record:
"v=spf1 ip4: mx mx:woodynet.net a:sprockets.gibbard.org
a:ghosthacked.net ~all"

Besides going from soft-fail (~all) to fail (-all), they are already
giving you the tools you need to validate a MAIL FROM: claim.

Thats all very well and good, but advising people who do not validate with spf to whitelist by domain name is an over-simplification.

So call it additional clue-boundary to entry and be done with this silly thread.

Besides, the site doesn't specify how to filter/whitelist...just to make sure you can accept mail from pch.net. A simple person might take that to mean "I better allow any @pch.net from address" but that's not what the site says.

 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]