[DShield] SPF is fundamentally flawed

John Hardin johnh at aproposretail.com
Wed Feb 18 17:02:00 GMT 2004


On Wed, 2004-02-18 at 06:53, Erik van Straten wrote:

> SPF will *not* prevent this because Sender <NobodyCares at aol.com> is
> Permitted From any AOL customer IP address.

If true, this is not a flaw in SPF but rather a flaw in AOL's published
SPF records - this behavior would indicate they're saying "all of our
dialups are legitimate sources for email using @aol.com addresses"...

[johnh at johnh johnh]$ dig aol.com txt
;; ANSWER SECTION:
aol.com.                300     IN      TXT     "v=spf1
ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24
ip4:205.188.156.0/24 ip4:205.188.157.0/24 ip4:205.188.159.0/24
ip4:64.12.136.0/24 ip4:64.12.137.0/24 ip4:64.12.138.0/24 ptr:mx.aol.com
?all"

Yikes. Do they *really* have nine class-C blocks devoted to outbound
email? I did a few reverse lookups in those blocks and didn't see any
names suggestive of client IPs...

--
John Hardin  KA7OHZ                           
Internal Systems Administrator/Guru               voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  Failure to plan ahead on someone else's part does not constitute an
  emergency on my part.
                                  - David W. Barts in a.s.r
-----------------------------------------------------------------------
 12 days until ICQ Corp goes away - have you installed Jabber yet?
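The point the post turns on is the record's final term: `?all` is the neutral qualifier, so an IP outside the nine listed /24s (and not matching the `ptr:mx.aol.com` term) gets "neutral" rather than "fail", and a receiver has no grounds to reject. The following is an added example, not code from the thread or from any SPF library: a minimal offline evaluator for the `ip4`, `ip6`, `ptr` and `all` mechanisms that shows how the qualifier on `all` decides the outcome for unlisted hosts. The `AOL_SPF_2004` string is the record quoted in the dig output above, re-joined onto one line; `ptr_lookup` is a hypothetical callback standing in for the reverse-DNS check, and mechanisms that need DNS (`a`, `mx`, `include`, `exists`) are treated as non-matching so the code runs with no network access.

```python
import ipaddress

# The aol.com TXT record as quoted in the post (dig output re-joined onto one line).
AOL_SPF_2004 = (
    "v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 "
    "ip4:205.188.156.0/24 ip4:205.188.157.0/24 ip4:205.188.159.0/24 "
    "ip4:64.12.136.0/24 ip4:64.12.137.0/24 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
)

# SPF qualifier prefixes and the result each one yields when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split a v=spf1 record into (qualifier, mechanism, argument) tuples.

    A term with no explicit qualifier defaults to "+" (pass), as in the SPF spec.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not a v=spf1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, argument = term.partition(":")
        parsed.append((qualifier, name.lower(), argument))
    return parsed


def listed_networks(record):
    """Return the ip4/ip6 networks the record explicitly authorises."""
    nets = []
    for _, mech, arg in parse_spf(record):
        if mech in ("ip4", "ip6"):
            # A bare address (no prefix length) is a single-host network.
            nets.append(ipaddress.ip_network(arg, strict=False))
    return nets


def check_host(ip, record, ptr_lookup=None):
    """Evaluate the connecting IP against the record, left to right.

    ptr_lookup (hypothetical) is called as ptr_lookup(addr, domain) and returns
    True when the reverse name of addr validates under domain; without it the
    ptr mechanism never matches, which is what an offline run has to assume.
    """
    addr = ipaddress.ip_address(ip)
    for qualifier, mech, arg in parse_spf(record):
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif mech == "ptr":
            matched = bool(ptr_lookup and ptr_lookup(addr, arg))
        else:
            # a, mx, include, exists all require DNS: treated as no-match here.
            matched = False
        if matched:
            return QUALIFIERS[qualifier]
    # No mechanism matched and no "all" term: the spec's default is neutral.
    return "neutral"


if __name__ == "__main__":
    print("listed /24s:", len(listed_networks(AOL_SPF_2004)))
    print("152.163.225.10 ->", check_host("152.163.225.10", AOL_SPF_2004))
    print("10.1.2.3       ->", check_host("10.1.2.3", AOL_SPF_2004))
    print("10.1.2.3 with -all ->",
          check_host("10.1.2.3", AOL_SPF_2004.replace("?all", "-all")))
```

Run as-is, the script reports nine listed networks, "pass" for a host inside one of them and "neutral" for an unlisted host; swapping the trailing `?all` for `-all` is the one-token change that turns that last result into "fail". When auditing your own domain, the qualifier on `all` and the breadth of the listed networks are the two things to check first, since together they set what a receiver can conclude about mail that did not come from your outbound servers.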