ietf-mailsig

RE: Web pages for MASS effort

2005-01-09 14:24:05

On Fri, 7 Jan 2005, Hallam-Baker, Phillip wrote:

HELO validation in the style of CSV using SPF records for data may be a very
effective and useful complement to MASS.

SPF isn't good enough for HELO verification, because it doesn't have a way
of distinguishing between a HELO name that is invalid for legacy reasons
and a HELO name that is invalid for malicious reasons. CSA will have a
mechanism to do this.

This kind of mechanism is less necessary for mail domains (SPF's main
target) than for HELO names, because a mail domain MUST have a valid MX,
A, or AAAA record in the DNS, whereas historical practice allows HELO
names to be completely bogus. About a third of sites rely on this
loophole, so a decent HELO authentication+authorization mechanism has to
provide a way of safely closing the loophole without causing problems for
legacy misconfigured sites.

Tony.
-- 
f.a.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
FAEROES: WEST 4 OR 5 BACKING EAST OR SOUTHEAST 5 TO 7, THEN BECOMING CYCLONIC,
PERHAPS GALE 8 LATER. SHOWERS THEN RAIN. GOOD BECOMING MODERATE OCCASIONALLY
POOR.

