Re: RFC 5321bis / 2821ter

2009-01-28 04:50:24

Alessandro Vesely wrote:

Paul Smith wrote:
Spammers are welcome to use their own domains: that puts the spam
problem at the relevant ISPs.

Not sure I understand that.

It is totally valid to do:


I assume that the EHLO parameter corresponds to the IP address of
the sending host.

MAIL FROM:<me@mycompany.com>

The EHLO name bears no resemblance to the sender's email address.
Doing an SPF on the EHLO name is pointless, as all that tells you is
that the sending host is ''.

Yes, and is where recipients should complain or claim any
damage that the transmission might have caused. More likely, the IP of
that transmitter will be blacklisted soon. I guess that's why spammers
use zombies or bots.

A bot could use:

where resolves to the IP address of the bot. The
spammer can trivially set up a virtual DNS zone with all valid IP
addresses in it, and the bot just chooses the appropriate one.

Complaining to won't do any good, and they'll create new
'' domains faster than you can block them.

How does it help?

You have to do the SPF check on the MAIL FROM address, and test it
against the IP address of the sending host.

If the MAIL FROM is given and mycompany took care of setting SPF
properly, the receiver can reject the message. More often, the MAIL
FROM address consists of an invalid user at a valid domain without SPF

Exactly, so how does having a 'correct' EHLO parameter help?

I can see that having an incorrect one can be used to block mail, IF
(and this is a big 'if') you can be sure that legitimate senders set up
things correctly. However, if this becomes a standard check, then it is
trivial for a spammer to get around it. And, all that has achieved is
another useless check, which makes life harder for the good guys.

Paul Smith
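
An added example, not part of either poster's message: a small Python sketch that evaluates SPF separately for the EHLO name and the MAIL FROM domain of one session, covering the three cases discussed in the thread. It handles only `ip4` and `all` terms; the DNS table, the names `bulk-zone.example` and `nospf.example`, the addresses and both function names are constructed for illustration.

```python
import ipaddress

# Constructed SPF TXT records standing in for DNS lookups (all values are made up).
SPF_RECORDS = {
    "mycompany.com": "v=spf1 ip4:198.51.100.0/24 -all",
    # Zone run by the bot operator: one name per bot address, each authorising itself.
    "host-192-0-2-77.bulk-zone.example": "v=spf1 ip4:192.0.2.77 -all",
    # "nospf.example" deliberately publishes no record.
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip):
    """Evaluate a subset of SPF (ip4 and all terms only) for one identity."""
    record = SPF_RECORDS.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no policy: nothing to enforce
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # no term matched


def evaluate_session(client_ip, helo_name, mail_from):
    """Return the SPF result for each identity of one SMTP session."""
    sender_domain = mail_from.rsplit("@", 1)[-1]
    return {
        "helo": check_spf(helo_name, client_ip),
        "mail_from": check_spf(sender_domain, client_ip),
    }


if __name__ == "__main__":
    bot_ip = "192.0.2.77"
    bot_helo = "host-192-0-2-77.bulk-zone.example"
    # Bot forging a sender at a domain that publishes SPF.
    print(evaluate_session(bot_ip, bot_helo, "me@mycompany.com"))
    # Bot using an invalid user at a domain without SPF.
    print(evaluate_session(bot_ip, bot_helo, "invalid@nospf.example"))
    # Legitimate host whose EHLO name has no SPF record of its own.
    print(evaluate_session("198.51.100.10", "mail.mycompany.com", "me@mycompany.com"))
```

In all three sessions the EHLO result says nothing about whether the sender address is authorised; only the MAIL FROM result separates the first session from the third, and the second yields nothing to reject on.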

