On Fri, 7 Jan 2005, Hallam-Baker, Phillip wrote:
> HELO validation in the style of CSV using SPF records for data may be a very
> effective and useful complement to MASS.

SPF isn't good enough for HELO verification, because it doesn't have a way
of distinguishing between a HELO name that is invalid for legacy reasons
and a HELO name that is invalid for malicious reasons. CSA will have a
mechanism to do this.

This kind of mechanism is less necessary for mail domains (SPF's main
target) than for HELO names, because a mail domain MUST have a valid MX,
A, or AAAA record in the DNS, whereas historical practice allows HELO
names to be completely bogus. About a third of sites rely on this
loophole, so a decent HELO authentication+authorization mechanism has to
provide a way of safely closing the loophole without causing problems for
legacy misconfigured sites.

Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
FAEROES: WEST 4 OR 5 BACKING EAST OR SOUTHEAST 5 TO 7, THEN BECOMING CYCLONIC,
PERHAPS GALE 8 LATER. SHOWERS THEN RAIN. GOOD BECOMING MODERATE OCCASIONALLY
POOR.