ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Input on identities

2004-04-06 18:03:54
from [John Gardiner Myers] [Permanent Link] 

Greg Connor wrote:


  * Bogus HELO is often used to mislead people.  Checking HELO for
   obvious, outright forgery keeps MY domain from being mentioned
   in a bogus message if I am not related to the sending client.
   This may lead to a reduction in misdirected abuse reports.
Does anyone have evidence of a significant number of abuse reports misdirected to forged HELO values? 


 * HELO is a logical "fallback" in the case of MAIL FROM: <>
The From: header is a much more logical and useful fallback for the empty return-path. 


 * HELO is currently pretty useless because it is not checked, but
   encouraging server admins to use the right name can have long-term
   benefits.
Unless you state what these benefits will be, their value cannot be determined.
In the Apr 5 conference, the benefit listed was the ability to use a domain instead of an IP address as an index into some yet to be developed accreditation/reputation service. There are, however, numerous RBL services which demonstrate that IP-indexed reputation services do work. 

Gordon Fecyk wrote:


<>> 2821 HELO/EHLO domain
Useful for verifying the identity of a MTA only, but this is very useful to 
know for such things as delivery status notifications, allowing
store-and-forward when the MTA isn't a sender for a domain, and similar.
How is it useful to know? What does verifying the identity permit the receiver to do?
<>Delivery Status Notifications are unverifiable by MAIL FROM alone. HELO/EHLO checking provides additional information to identify if the DSN at least came 
from a verifiable MTA. The operators of the MTA could then be held
accountable for DSNs originating from it.
How is this additional information help? Can not the operators of the MTA be held accountable based on IP address? 

Hector Santos writes:


However, from what we have learned with a consistent number of hits, the
questions are now:

- Why aren't these people learning?
- Why aren't they adapting to the enforcements?
- Why do they keep trying on what seems to be a daily schedule?
They aren't learing or adapting because your enforcement isn't a sufficiently large portion of the ecosystem. My experience at a provider which was a sufficiently large portion of the ecosystem is that those people do learn and adapt, quite quickly in many cases.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: User experience, Hallam-Baker, Phillip
Next by Date:  Re: User experience, John Gardiner Myers
Previous by Thread:  Re: ISP Mail Hosts on Black Lists (was "Re: Input on identities"), Philip Miller
Next by Thread:  Re: Input on identities, Doug Royer
Indexes:  [Date] [Thread] [Top] [All Lists]