Re: [exim] block domain SPF with v=spf1 +all

Top Page
Delete this message
Reply to this message
Author: Magnus Holmgren
Date:  
To: exim-users
Subject: Re: [exim] block domain SPF with v=spf1 +all
On Monday 17 September 2007 08:03, Elijah Daniel wrote:
> I've been searching the web on howto block domain with this SPF entry
> "v=spf1 +all" on exim4 on debian but couldn't find howto do it. We are
> using Exim4 on debian with spamassin installed.


If you're trying to detect domains that authorize the entire IP address space
(or large portions of it), remember that that can be done in more ways
than "+all". In principle you have to process all SPF terms, including
include:s, in order to determine the set of authorized IP addresses, which is
something different from what libspf2 does: checking whether a particular
address is authorized.

In practice, using something like ${if match {${lookup dnsdb
{txt=$sender_address_domain}}} {v=spf1.*\+all}} (note: very rough example!)
might work surprisingly well. (But if it becomes widespread, spammers will
start working around it.)

-- 
Magnus Holmgren        holmgren@???
                       (No Cc of list mail needed, thanks)