lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed Jun 7 20:27:13 2006 From: michael.holstein at csuohio.edu (Michael Holstein) Subject: Strange Emails -- What are they? > What would really help is SPF, if you can manage it. That way you can > reject mail that claims to come from your domain but does not come from > your mail servers. But this is all a bit OT, not really full disclosure. Well, sort of. Too many domains do something like '~' or '?' instead of '-' like they should. (dig -t txt $domain) : AOL : ?all Hotmail/MSN : ~all Google : ~all http://en.wikipedia.org/wiki/Sender_Policy_Framework AOL's is perticularly ironic, considering they hard-hand other folks into publishing a SPF record to deliver to them, but publish a ?all (no policy) record themselves. What you can do quite effectively though, is to consider SPF (to penalize) as one of several factors in something like SpamAssassin. ~Mike.
Powered by blists - more mailing lists