Possible way to bypass SPF Test? - ORF Forums

Possible way to bypass SPF Test? RSS Back to forum

1

I was reviewing the logs today and found this warning:

Error checking the SPF policy of domain "interestsfreedom.com": SPF policy syntax error. Source "interestsfreedom.com", message "Multiple SPF declarations were found with the same version." at character -1.

Would setting up a bogus SPF policy for a particular domain that causes the SPF test to fail be a way spammers are trying to bypass SPF tests?

The IP & domain name for the server that sent the spam was:

93.174.94.204 (93-174-94-204.constellationservers.net)

Reply
by Josh more than 10 years ago
2

@Josh: If the sender domain has a bogus / syntactically incorrect SPF record (or, like in this case, multiple SPF records with the same version), ORF will simply skip the SPF test (as it is not possible to determine whether the sender host is authorized to send emails in the name of the domain or not) and proceeds with the rest of the tests. The email will not be excluded from other tests, so it is not possible to bypass filtering this way.

The SPF aims to prevent email forgery, so it helps when a spammer tries to spoof a legitimate, trusted domain. If the domain name in the sender address is bogus or controlled by the spammer (i.e., the spammer can set up an SPF record for it), the SPF test will not be of any use.

Reply
by Krisztián Fekete (Vamsoft) more than 10 years ago
(in reply to this post)

3

Thanks for the reply Krisztian!

Reply
by Josh more than 10 years ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2