Re: [Asrg] Re: SPF abused by spammers
2004-09-21 18:37:35
Markus Stumpf wrote:
On Fri, Sep 17, 2004 at 03:11:18PM +0000, Mark wrote:
Hello? Ever heard of HELO? :) Sending with en empty envelope-from,
to try and circumvent SPF, is pointless: checks are done against
HELO, in that case (as if tested against, say, postmaster(_at_)HELO).
Consequently, since there is nothing to prevent, there is nothing to
send "non empty" either (where empty was the case).
That was the reference I didn't find.
Which leads to the problem with
HELO [10.0.0.1]
or
HELO i222-150-67-241.s04.a013.ap.plala.or.jp
which would require all ISPs to add SPF records to all entities and
raises again the problems Barry Shein has addressed.
Well, only if that ISP allows people to send mail from their home IP
addresses. Otherwise, the ISP just has to create SPF records for its own
outgoing mail servers.
If people on a home network get their own $9 bucks domain name, they could
(and probably should) set their HELO string to their domain name, if they
are also sending from their home IP address(es). Then they can, themselves,
publish, or have published, SPF records for that domain. Setting HELO to
their PTR (if unchangeable, and provided by the ISP, and in the above format
you described), would not make much sense, in that case.
And: if I am a customer of some.isp and my current revDNS entry for
the IP I am using is
1.0.0.10.rev.dsl.some.isp
should I be allowed to send a bounce on behalf of that address, i.e.
use the name or IP in the HELO string?
I doubt you'll get far with a 10.0.0.1 address. :) But, assuming a public
address, why should you not be allowed to send a bounce from that address?
SPF "classic" does not check against your PTR; so, if you have proper SPF
records for your domain/HELO, why not? If your HELO is set to your own
domain name, and an A record lookup of the HELO matches your IP address,
you're in the clear.
- Mark
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Asrg] Re: SPF abused by spammers, (continued)
- Re: [Asrg] Re: SPF abused by spammers, Barry Shein
- Re: [Asrg] Re: SPF abused by spammers, Peter J. Holzer
- Re: [Asrg] Re: SPF abused by spammers, Seth Breidbart
- Re: [Asrg] Re: SPF abused by spammers, Barry Shein
- Re: [Asrg] Re: SPF abused by spammers, Peter J. Holzer
- Re: [Asrg] Re: SPF abused by spammers, Markus Stumpf
- [Asrg] Re: SPF abused by spammers, Claus Färber
- Re: [Asrg] Re: SPF abused by spammers, Markus Stumpf
- Re: [Asrg] Re: SPF abused by spammers, Mark
- Re: [Asrg] Re: SPF abused by spammers, Markus Stumpf
- Re: [Asrg] Re: SPF abused by spammers,
Mark <=
- Re: [Asrg] Re: SPF abused by spammers, David Wilson
- Re: [Asrg] Re: SPF abused by spammers, Peter J. Holzer
- Re: [Asrg] Re: SPF abused by spammers, Barry Shein
- Re: [Asrg] Re: SPF abused by spammers, David Maxwell
- Re: [Asrg] Re: SPF abused by spammers, Seth Breidbart
Re: [Asrg] Re: SPF abused by spammers, Daniel Feenberg
Re: [Asrg] Re: SPF abused by spammers, Barry Shein
[Asrg] Re: SPF abused by spammers, Frank Ellermann
|
|
|