roberth at abbacomm.net
Wed Sep 24 21:16:20 UTC 2008
> That's probably the reason why much spam has valid spf records. Get
> a throwaway domain, so you're getting through the domain check and give
> domain a valid spf record which allows all machines in the world to send
> mail for that domain. Voilà - valid SPF record.
> That's why I asked which problem SPF is trying to solve.
The SPF Qmail patch we use on CentOS Opsys has a special case for SPF from
And we discard on that signal...
At this site...
Some spammers have found a way to work around SPF filtering. They simply
purchase their own bogus domain names for ten dollars each, give them SPF
records which contain "+all" (which says that every IP on the planet has
permission to send mail "From" their domain), and use their own domain name
as the sender address in their spam.
If this variable contains a non-zero value, any such SPF record will be
changed from "+all" to "-all" before the SPF test is performed. Since most
spammers have "+all" as the only term in their SPF record, this effectively
blocks every IP address.
Anyways, to get more back on topic, I cannot image it would take more than 2
minutes for you to do an SPF record for your main domains
Then, depending on whatever mail server software you are using, find the DK
or DKIM howto and implement.
Should be easy right?
More information about the CentOS