--- In milter-greylist@yahoogroups.com, manu@... wrote:
>
> Jim Hermann <hostmaster@...> wrote:
> > See http://tech.groups.yahoo.com/group/milter-greylist/message/3701
> >
> > We need all the SPF return codes available, plus a custom return code
> > for +all results.
>
> Better than +all, you can check whether your own IP address validates
> the sender SPF record. If it does, odds are that you have a wide-open SPF
> record.

Unless it was an SPF record for our own domain. ;)

My incoming server gets email from domains that are also authorized to send email from my IP address. My own domain SPF record looks like this:

"v=spf1 ip4:69.94.104.180 ip4:69.94.104.190 ptr:quickbooks.com ptr:yahoo.com ptr:sbcglobal.net ptr:enom.com ptr:rr.com ptr:meadville.edu ptr:chron.com -all"

I guess you could pick a completely random IP address. The odds are pretty small of hitting a member of the IP addresses in a legitimate SPF record. The odds of hitting a single CIDR set of /16 addresses would be 1/65536. An SPF record like mine is pretty broad and it still probably would be less than a 1/1000 chance of randomly hitting it.

Alternatively, you could let the user pick a secret IP address. It could be their IP address, a random IP address, or the IP address of an unassigned IP address in China. This is probably a better idea.

Jim
Re: Fake/wildcard SPF domain rejection
2007-11-03 by Jim Hermann
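The probe-IP idea discussed in this thread (evaluate the sender's SPF record against an address that should never be authorized, and treat a PASS as a sign of a wildcard record) as an added example. This is not code from milter-greylist or from the message above: it is a small stand-alone SPF evaluator that handles the DNS-free mechanisms (ip4, ip6, all) locally and routes ptr/include/a/mx/exists through a caller-supplied lookup, so it runs offline. The probe address 192.0.2.1 (TEST-NET-1), the constructed resolver data and the record strings other than Jim's own are assumptions for illustration. It also shows the false positive Jim points out: probing with your own server's IP passes against any record that legitimately authorizes you, whereas a secret or random probe does not.

```python
"""Probe-IP check for wide-open SPF records (added example, not project code)."""
import ipaddress

# Jim's own record, quoted from the message above.
JIM_RECORD = ("v=spf1 ip4:69.94.104.180 ip4:69.94.104.190 ptr:quickbooks.com "
              "ptr:yahoo.com ptr:sbcglobal.net ptr:enom.com ptr:rr.com "
              "ptr:meadville.edu ptr:chron.com -all")

# Assumed probe address: TEST-NET-1 is reserved, so no legitimate record
# should authorize it.  A deployment would pick its own secret address.
PROBE_IP = "192.0.2.1"

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_MECHANISMS = {"ptr", "include", "a", "mx", "exists"}


def parse_spf(record):
    """Split a v=spf1 record into (qualifier, mechanism, argument) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms = []
    for term in terms[1:]:
        if "=" in term:            # modifiers such as redirect= / exp= are not evaluated here
            continue
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        mechanisms.append((qualifier, name.lower(), arg))
    return mechanisms


def evaluate(record, ip, resolver=None):
    """Return pass/fail/softfail/neutral for `ip` against `record`.

    ip4/ip6/all are decided locally.  Mechanisms that need DNS are answered
    by `resolver(name, arg, addr) -> bool`; with no resolver they never match.
    RFC 4408 4.7: if nothing matches, the result is neutral.
    """
    addr = ipaddress.ip_address(ip)
    for qualifier, name, arg in parse_spf(record):
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return RESULTS[qualifier]
            continue
        if name.split("/")[0] in DNS_MECHANISMS and resolver and resolver(name, arg, addr):
            return RESULTS[qualifier]
    return "neutral"


def is_wide_open(record, probe_ip=PROBE_IP, resolver=None):
    """A PASS for an address that should never be authorized means the record is effectively +all."""
    return evaluate(record, probe_ip, resolver) == "pass"


def authorized_fraction(record):
    """Share of the IPv4 space the record's ip4 mechanisms authorize.

    This is the 'odds of a random probe hitting the record' from the thread:
    a single /16 gives 65536 / 2**32 == 1/65536.  ptr/a/mx/include are not counted.
    """
    total = 0
    for qualifier, name, arg in parse_spf(record):
        if name == "ip4" and qualifier == "+":
            total += ipaddress.ip_network(arg, strict=False).num_addresses
    return total / 2 ** 32


def constructed_resolver(name, arg, addr):
    """Stand-in for DNS with constructed data: one reverse mapping, nothing else."""
    ptr_table = {ipaddress.ip_address("192.0.2.10"): "mx1.yahoo.com"}   # constructed
    if name == "ptr":
        host = ptr_table.get(addr)
        return host is not None and (host == arg or host.endswith("." + arg))
    return False


if __name__ == "__main__":
    for rec in (JIM_RECORD, "v=spf1 +all", "v=spf1 ip4:0.0.0.0/0 -all", "v=spf1 ~all"):
        verdict = "WIDE OPEN" if is_wide_open(rec) else "ok"
        print(f"{rec[:40]:40s} probe={evaluate(rec, PROBE_IP):8s} {verdict}")
    # Jim's point: his own IP is in his own record, so it would trip a self-IP probe.
    print("own-IP probe on own record:", evaluate(JIM_RECORD, "69.94.104.180"))
    print("fraction of IPv4 space authorized by ip4 terms:", authorized_fraction(JIM_RECORD))
```

Using a secret probe rather than the receiving server's own address is what keeps the check honest: the record only has to authorize that one address by accident, which for any record built from a few ip4 prefixes is vanishingly unlikely, while the server's own IP is authorized on purpose by every domain that relays through it.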