On 02/25/2006 14:14, Hector Santos wrote:
I have been exploring this rule in our SPF implementation with great
success:
result = SPF(MFROM.DOMAIN)
if result in [NEUTRAL, SOFTFAIL] then
if HELO.DOMAIN = MFROM.DOMAIN and
result = FAIL
In other words, if the MACHINE and the SENDER is the same domain, then
there is no reason for a NEUTRAL or SOFTFAIL in the SPF(MFROM.DOMAIN)
result.
Any comments about this?
Generally speaking I wouldn't expect this to come up since HELO.DOMAIN is
supposed to be machine specific. This might work for domains (like Hotmail,
last time I checked) that incorrectly use the same HELO.DOMAIN for all their
servers.
More broadly, I think what you are after is not if HELO.DOMAIN = MFROM.DOMAIN,
but if HELO.DOMAIN is contained in MFROM.DOMAIN, e.g. HELO.DOMAIN =
relay.example.com and MFROM.DOMAIN = example.com. That's a more complex
consideration, but one that's likely to be more commonly relevant.
I'd imagine that it's worth exploring and getting some statistics on.
Scott K
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com