ietf-smtp
[Top] [All Lists]

Re: RFC 5321bis / 2821ter

2009-01-27 13:55:17

Paul Smith wrote:
Spammers are welcome to use their own domains: that puts the spam
 problem at the relevant ISPs.
Not sure I understand that.

It is totally valid to do:

EHLO mail.spammer.com

I assume that the EHLO parameter corresponds to the IP address of
the sending host.

MAIL FROM:<me(_at_)mycompany(_dot_)com>

The EHLO name bears no resemblance to the sender's email address. Doing an SPF on the EHLO name is pointless, as all that tells you is that the sending host is 'mail.spammer.com'.

Yes, and spammer.com is where recipients should complain or claim any
damage that the transmission might have caused. More likely, the IP of
that transmitter will be blacklisted soon. I guess that's why spammers
use zombies or bots.

You have to do the SPF check on the MAIL FROM address, and test it
 against the IP address of the sending host.

If the MAIL FROM is given and mycompany took care of setting SPF
properly, the receiver can reject the message. More often, the MAIL
FROM address consists of an invalid user at a valid domain without SPF
records.

<Prev in Thread] Current Thread [Next in Thread>