WHM/cpanel renders SPF records useless!

[cyberspirit]

Dues to a bug in WHM's DNS editor all SPF records become useless and your outgoing email might bounce!

Normally entered spaces in TXT fields in a zone file should be stored as such and sent to the client who does a lookup.

For example this SPF record in a TXT field is correct:

domain.com IN TXT v=spf1 a -all 28397s

this is what WHM makes out of it:

domain.com IN TXT v=spf1a-all 28397s

as you can see all spaces are deleted and therefor this field no longer is valid!

I submitted a bug and hope the cpanel team will jump on this quickly since SPF is used to cut down on spam http://spf.pobox.com
and right now cpanel/WHM is not only not helping the effort but actually hindering it!

[cyberspirit]

I have actually reopened that bug since my bug report is about non-rfc compliant handling of TXT fields in zone files by WHM and not just SPF specific.

As far as your comment about SPF never working, well you are allowed to have your opinion. It just shows me that you are completely out of touch whith what is going on the behind the scene of SPF and SMTPi.
Nay-sayers like you will always kill new proposals because they are not perfect yet. And if someone like you would have been in charge of developing ethernet I guess we would still be running token-ring.

[cyberspirit]

Your latest post just shows more how out of touch you are with the issue. more and more isp stop to block port 25 because it has created more hassles than help, and all of that before spf was even around. auth smtp is the way to go and a lot of isps have recognized that.
but besides that, over 6000 domains have published spf record. And according to my contacts at the AOL postmaster office, with a lot of success, to block spoofed spam and all the illegal returns.
Here is a list of major backers of spf:
AOL.com Altavista.com DynDNS.org E!Online.com (the ! is silent) GNU.org LiveJournal.com MotleyFool.com OReilly.com Oxford.ac.uk PairNIC.com Perl.org PhilZimmermann.com SAP.com Symantec.com Ticketmaster.com w3.org and of course foo.com

And recently several publications wrote about spf in a very favorable way, including Linux Journal.
So now are you still trying to tell all of us how bad this is?
Perhaps you are a genius who has not been discovered yet?
And how about fixing the link in your signature? The cpanel page "There is no website configured at this address." is not really a good example for a "Sr Network Engineer", lol

[B12Org]

Originally posted by cyberspirit
over 6000 domains have published spf record

so, 6000 out of 600,000,000? Wow thats some thing to take seriously

[cyberspirit]

Yes, it actually is if you look at who is backing it and for how much email traffic they stand for and in what period of time they got the 6000 domains. I saw a new number that is actually over 10,000 so it is growing fast.
Nobody had to use SPF if you do not want to - but do you have a better idea or proposal? Please step forward!

[B12Org]

Yeah, just take spammers out back and shoot em

[cyberspirit]

Yeah B12,
That really solves the problem, I guess you just showed you do not have any solution to offer, just to complain about the ones who work hard to bring one forward.

By the way, nice website you guys have, just a little bit outdated?

I found this here in your "About us" and got a kick out of it - I guess you have not done any updating to it in the last years?

"What We Use:

We use Red Hat Linux and Cpanel 6. For our resellers we use a WHM interface in order for our customers to administer and manage their clients. Our server is located in San Antonio Texas (USA). This is a perfect place for it, because of its known lack of natural disasters, and its remote location away from major cities and potential threats."

[B12Org]

Yeah, its is outdated.

Personally, I dont care enough to do anything. It doesnt bother me that much. I just block em the first time, and never have to deal with it again. Who cares about em. If you are big ISP then I could see the need, but who here is a big ISP?

And the problem is not with the possible solutions being developed, it is with the people doing the initial acts. Spammers will always spam, no matter what you do, no matter what system is in place, some one will always find a way to circumvent it. Its just human nature. Thats what we do, when some one tries and stop us, even if it is for the better good, our pride and our wallet make us find a way to go back and detrement society yet again and again.

I applaud those who do work to try and stop it, weather they are successfull or not, but I do believe its a loosing battle.

[athakur999]

SPF is great for big ISPs, but it's useful for anyone. It provides some protection against joe jobs for example. It'd be much harder for somone to try and tarnish your business's reputation if you published SPF records. They wouldn't be able to use a random mail relay or trojaned computer since they wouldn't match your SPF entries.

[chrisbond]

Originally posted by athakur999
SPF is great for big ISPs, but it's useful for anyone. It provides some protection against joe jobs for example. It'd be much harder for somone to try and tarnish your business's reputation if you published SPF records. They wouldn't be able to use a random mail relay or trojaned computer since they wouldn't match your SPF entries.

I have to agree this this comment you think about yahoo.com and hotmail publishing there SPF, they will stop a LOT of spam if you have the SPF integeration on your server. Theres more and more of the big guys installing spf on there DNS.

[cyberspirit]

if you actually think about what SPF really does then you will come to understand that using SPF to filter incoming mail is of more benefit for the small company than the large ISP.
Why?
well spammers love to fake email addresses from the big guys like AOL or Hotmail or Yahoo. So the chance that you catch fake email from these ISPs by using SPF to filter is higher than for AOL to filter fake email that is sent with an email address of the little guy.