SPF checker

M

Martin Gregorie

Is there a utility or class/package that can verify that the SPF entry
in a master DNS domain definition is correct?
 
N

Nick Leverton

Is there a utility or class/package that can verify that the SPF entry
in a master DNS domain definition is correct?

The people on the SPF lists were working on a validation suite for SPF
implementations, but I don't remember a downloadable one for checking
records. Not read them for a while though and maybe that situation
has changed.

Does Bruce Kitterman's online SPF record validator at
http://www.kitterman.com/spf/validate.html help you at all ?

Nick
 
M

Martin Gregorie

Nick said:
The people on the SPF lists were working on a validation suite for SPF
implementations, but I don't remember a downloadable one for checking
records. Not read them for a while though and maybe that situation
has changed.

Does Bruce Kitterman's online SPF record validator at
http://www.kitterman.com/spf/validate.html help you at all ?
Many thanks.

I was expecting a command line or graphical utility but that validator
does exactly what I wanted. It rooted out an erroneous ip4: term that
had been suggested by the wizard at openspf.org
 
G

Geoffrey Clements

M

Martin Gregorie

Geoffrey said:
There's been a lot of talk about SPF on comp.risks over the years. I
haven't followed the discussions very closely not having much interest in it
but there have been a number of people not particularly happy with it. One
such example:
http://catless.ncl.ac.uk/Risks/23.18.html#subj11.1
My interest in SPF is entirely that it can detect spam that uses my
domain as the (forged) sender. Without SPF there's no way that a forged
sender can be detected and I can do without the backscatter.

As its use spreads its my hope that MTAs will start discarding mail sent
to invalid mailboxes with a forged sender address. Its all they can and
should do: bouncing it just annoys some bystander.
 
M

Malcolm Dew-Jones

Geoffrey Clements ([email protected]) wrote:
: : > On Mon, 16 Jul 2007 10:17:24 +0100, Martin Gregorie
: > someone who said :
: >
: >>Is there a utility or class/package that can verify that the SPF entry
: >>in a master DNS domain definition is correct?
: >
: > If, like me, you are curious what SPF is, see
: > http://www.openspf.org/FAQ/What_is_SPF
: >
: > It is for detecting forged emails, which are nearly always spam.

To be precise, it detects 1) does a domain restrict the networks a user
can send mail from while still claiming to be sending mail from that
domain? 2) is a user with a mail address in that domain following that
policy?

SPF by itself does not stop or identify any spam, and it doesn't really
detect forged email - partly because many sites do not supply SPF
information, and partly because an email is not necessarily forged simply
because it comes from a network unrelated to the domain of the mail
address.

What it does do is help a domain to enforce its mail policies by
restricting the networks from which its users can send mail.

The disadvantage to the user is that they must use the correct network to
send mail using that address. The advantage to the user is that if their
domain has a good reputation then their mail may not be blocked.

The advantage to the receiver is that they can reliably choose to trust,
OR NOT TRUST, certain domains.

Spammers often use SPF. The key missing ingredient is many anti-spam
discussions is the recognition that all SPF does is allow you to trust
that spammer domains are sending spam - you still have to list the site as
a spam haven - the SPF itself doesn't tell you anything about it being
spam or not.

: There's been a lot of talk about SPF on comp.risks over the years. I
: haven't followed the discussions very closely not having much interest in it
: but there have been a number of people not particularly happy with it. One
: such example:
: http://catless.ncl.ac.uk/Risks/23.18.html#subj11.1

They discuss "forwarding" of email. Arbitrary forwarding is not
ultimately any different that relaying. Open relays used to be a useful
and cooperative way to pass mail around. That was long ago, and open
relays are now a problem. The policy of forwarding mail is now ultimately
flawed for the same non-technical reasons that open relays are flawed.

They discuss other things too, but I shouldn't spend more time on this.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,899
Latest member
RodneyMcAu

Latest Threads

Top