[DShield] SPF is fundamentally flawed

John Hardin johnh at aproposretail.com
Wed Feb 18 17:02:00 GMT 2004

On Wed, 2004-02-18 at 06:53, Erik van Straten wrote:

> SPF will *not* prevent this because Sender <NobodyCares at aol.com> is
> Permitted From any AOL customer IP address.

If true, this is not a flaw in SPF but rather a flaw in AOL's published
SPF records - this behavior would indicate they're saying "all of our
dialups are legitimate sources for email using @aol.com addresses"...

[johnh at johnh johnh]$ dig aol.com txt
aol.com.                300     IN      TXT     "v=spf1
ip4: ip4: ip4:
ip4: ip4: ip4:
ip4: ip4: ip4: ptr:mx.aol.com

Yikes. Do they *really* have nine class-C blocks devoted to outbound
email? I did a few reverse lookups in those blocks and didn't see any
names suggestive of client IPs...

John Hardin  KA7OHZ                           
Internal Systems Administrator/Guru               voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
  Failure to plan ahead on someone else's part does not constitute an
  emergency on my part.
                                  - David W. Barts in a.s.r
 12 days until ICQ Corp goes away - have you installed Jabber yet?
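
The point made in the message above is that the SPF result for a forged sender depends on which networks the domain's published record authorizes. As an added example (not part of the original post), the Python below evaluates only the `ip4` and `all` mechanisms over two constructed records. The records and the documentation-range addresses are hypothetical, not AOL's, and mechanisms that need DNS lookups are assumed to be out of scope.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records: 192.0.2.0/24 stands in for outbound mail relays,
# 198.51.100.0/24 for a customer dialup pool (both are documentation ranges).
NARROW = "v=spf1 ip4:192.0.2.0/24 -all"
BROAD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 -all"
DIALUP_CLIENT = "198.51.100.77"   # constructed customer address
MAIL_RELAY = "192.0.2.10"         # constructed relay address


def check_spf_ip4(record, client_ip):
    """Evaluate the ip4 and all mechanisms of an SPF record, left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "ip4":
            # A bare address is treated as a /32 network.
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "all":
            return QUALIFIERS[qualifier]
        # ptr, a, mx, include and the rest need DNS; not evaluated here.
    return "neutral"  # no mechanism matched


if __name__ == "__main__":
    for label, record in (("narrow", NARROW), ("broad", BROAD)):
        for who, addr in (("relay", MAIL_RELAY), ("dialup", DIALUP_CLIENT)):
            print(f"{label:6} record, {who:6} {addr}: {check_spf_ip4(record, addr)}")
```

With the narrow record, mail handed off directly from the dialup address fails; with the broad record the same connection passes, whatever local part the sender claims.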
