Re: [Asrg] misconception in SPF

Alessandro Vesely <vesely@tana.it> Sat, 08 December 2012 18:43 UTC

On Fri 07/Dec/2012 21:45:54 +0100 John Levine wrote:

>>I think this makes sense, but I think it would make more sense if there was
>>a way to just specify in the SPF record for, for example, twitter.com, that
>>all legit senders for all subdomains are included in the highest level SPF
>>record.  
> 
> This sort of thing has been proposed before.  It turns out that
> anything in the DNS that starts "all names below this node ..." is
> astonishingly hard to implement.
> 
> (Yes, I know about zone cuts.)

It is easy to do the opposite, though.  For example, having

  leila.iecc.com TXT "v=spf1 redirect=iecc.com"

would enable receivers, at the cost of an extra lookup, to infer
that iecc.com is in the same administrative domain as that mailer, for
reputation or reporting purposes.

Aren't there generic (i.e. non spf-specific) DNS conventions for
publishing such relationships?
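
The inference described in the message above, as an added example that is not part of the original post: a receiver reads a host's SPF record, follows `redirect=` only when it points at an ancestor name, and reports the domain reached. The function names, the ancestor-only rule and every sample record except the `leila.iecc.com` line are assumptions made for this illustration.

```python
# Constructed TXT data standing in for live DNS. Only the leila.iecc.com
# record is taken from the message; every other entry is made up.
SAMPLE_TXT = {
    "leila.iecc.com": ["v=spf1 redirect=iecc.com"],
    "iecc.com": ["v=spf1 mx -all"],
    "a.b.example.com": ["v=spf1 redirect=b.example.com"],
    "b.example.com": ["some other TXT", "v=spf1 redirect=example.com"],
    "example.com": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "mail.example.net": ["v=spf1 redirect=_spf.example.org"],
    "two.example.org": ["v=spf1 redirect=example.org", "v=spf1 -all"],
}


def spf_redirect(name, txt=SAMPLE_TXT):
    """Return the redirect= target of name's SPF record, or None."""
    records = [r for r in txt.get(name, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:  # no SPF record, or several (an error in SPF)
        return None
    for term in records[0].split()[1:]:
        key, sep, value = term.partition("=")
        # Skip macro targets such as %{d}: they need the full SPF evaluator.
        if sep and key.lower() == "redirect" and value and "%" not in value:
            return value.lower().rstrip(".")
    return None


def administrative_parent(name, txt=SAMPLE_TXT, max_lookups=10):
    """Follow redirect= to ancestors of name.

    Returns (topmost ancestor reached or None, number of TXT lookups spent).
    """
    current, found, lookups = name.lower().rstrip("."), None, 0
    while lookups < max_lookups:
        lookups += 1
        target = spf_redirect(current, txt)
        # Assumption: only a multi-label ancestor counts as a relationship.
        if not target or "." not in target or not current.endswith("." + target):
            break
        found = current = target
    return found, lookups
```

The relationship is asserted only by the subdomain's own record, so it says nothing about whether the parent agrees.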