ietf-smtp

Re: RFC 5321bis / 2821ter

2009-01-27 13:07:06

Alessandro Vesely wrote:

>> All you can do is check to see if the EHLO parameter resolves to the
>> IP address of the sending host, and that tells you nothing except the
>> sender has set it up correctly... Spammers can set up domains &
>> mailing software correctly more easily than the majority of
>> legitimate users can.
>
> Hm... some spamware can obviously do a reverse lookup and use that as
> a helo name. However, it cannot easily fake MX or SPF records to make
> a zombie address valid. Spammers are welcome to use their own domains:
> that puts the spam problem at the relevant ISPs.

Not sure I understand that.

It is totally valid to do:

EHLO mail.spammer.com
MAIL FROM:<me@mycompany.com>

The EHLO name bears no resemblance to the sender's email address. Doing
an SPF on the EHLO name is pointless, as all that tells you is that the
sending host is 'mail.spammer.com'. You have to do the SPF check on the
MAIL FROM address, and test it against the IP address of the sending host.

ISPs do this all the time (legitimately).

-- 
Paul Smith

VPOP3 - POP3/SMTP/IMAP4/Webmail Email server for Windows
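
Added example, not part of the original message or of any poster's code: the session shown above evaluated against both identities, the EHLO name and the MAIL FROM domain, to show that a passing check on the EHLO name says nothing about the envelope sender. The SPF records, IP addresses and the name `mail.isp.example` are constructed, DNS is replaced by an inline table, and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed SPF TXT records (documentation IP ranges); stands in for DNS lookups.
SPF_RECORDS = {
    "mail.spammer.com": "v=spf1 ip4:203.0.113.25 -all",
    "mycompany.com": "v=spf1 ip4:192.0.2.0/24 -all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, records=SPF_RECORDS):
    """Evaluate the ip4/ip6/all subset of SPF for client_ip against domain."""
    record = records.get(domain.lower())
    if record is None or record.split()[0] != "v=spf1":
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        # a, mx, include and other mechanisms are not handled in this example
    return "neutral"


def evaluate_session(client_ip, ehlo_name, mail_from):
    """Return the SPF result for each identity of one SMTP session."""
    sender_domain = mail_from.rsplit("@", 1)[-1]
    return {
        "helo": check_spf(ehlo_name, client_ip),
        "mailfrom": check_spf(sender_domain, client_ip),
    }


if __name__ == "__main__":
    # Host with a correctly configured EHLO name, using someone else's address.
    print(evaluate_session("203.0.113.25", "mail.spammer.com", "me@mycompany.com"))
    # Relay whose IP the sender's domain authorises; the EHLO name is unrelated.
    print(evaluate_session("192.0.2.10", "mail.isp.example", "me@mycompany.com"))
```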
