spf-discuss

Re: Re: step by step deployment

2004-01-21 15:19:30
begin  Wednesday 21 January 2004 23:09, wayne quote:
Now, it could be claimed that the HELO string should only be checked
when the MTA actually uses a MAIL FROM:<>.  However, how often
will an MTA change its HELO string depending on whether it is a null
sender?  If it isn't going to change it, then isn't it better to fail
all the time and immediately rather than fail only some of the time
and later?  Will people really notice that bounces are being rejected
due to malformed HELO strings?

The downside of checking HELO always is that it may be more permissive
than checking From. A spammer wanting to joe-job somebody can set up
his MTA to use a truthful HELO (so that it passes SPF), and still lie
in the MAIL FROM: (so that bounces go "back" to an unsuspecting
victim).

On the other hand, checking HELO does have some advantage: it would
solve the forwarding problem (because the forwarding MTA would use its
own name in the HELO).

Alain

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
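The trade-off discussed in this message, as an added example that is not part of the original post: it compares "check HELO always" with "check MAIL FROM, using HELO only for MAIL FROM:<>" on direct, forwarded, joe-job and bounce sessions. The policy table, host names and addresses are constructed stand-ins for DNS-published SPF records, and `spf_check`, `evaluate` and `compare` are hypothetical helper names.

```python
import ipaddress

# Constructed SPF-like policies: domain -> networks allowed to send for it.
# Real SPF records live in DNS; this table stands in so the example runs offline.
POLICIES = {
    "example.org": ["192.0.2.0/24"],
    "mx.example.org": ["192.0.2.10/32"],
    "fwd.example.net": ["198.51.100.0/24"],
    "mta.bulk.example": ["203.0.113.0/24"],
}

# Constructed SMTP sessions: connecting IP, HELO name, envelope sender.
SESSIONS = {
    "direct":      {"ip": "192.0.2.10",   "helo": "mx.example.org",   "mail_from": "alice@example.org"},
    "forwarded":   {"ip": "198.51.100.7", "helo": "fwd.example.net",  "mail_from": "alice@example.org"},
    "joe_job":     {"ip": "203.0.113.5",  "helo": "mta.bulk.example", "mail_from": "victim@example.org"},
    "bounce":      {"ip": "192.0.2.10",   "helo": "mx.example.org",   "mail_from": ""},
    "forged_helo": {"ip": "203.0.113.5",  "helo": "mx.example.org",   "mail_from": ""},
}

def spf_check(domain, client_ip):
    """Return 'pass', 'fail' or 'none' for one identity against the table."""
    nets = POLICIES.get(domain.lower())
    if nets is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    return "pass" if any(ip in ipaddress.ip_network(n) for n in nets) else "fail"

def evaluate(session, policy):
    """policy is 'helo-always', or 'mail-from' (HELO used only for MAIL FROM:<>)."""
    if policy == "helo-always" or session["mail_from"] == "":
        return spf_check(session["helo"], session["ip"])
    sender_domain = session["mail_from"].rsplit("@", 1)[1]
    return spf_check(sender_domain, session["ip"])

def compare():
    """Map each session name to (helo-always result, mail-from result)."""
    return {name: (evaluate(s, "helo-always"), evaluate(s, "mail-from"))
            for name, s in SESSIONS.items()}

if __name__ == "__main__":
    for name, (helo_res, from_res) in compare().items():
        print(f"{name:12} helo-always={helo_res:5} mail-from={from_res}")
```

The forwarded and joe-job sessions produce identical results under both policies: HELO checking accepts both, MAIL FROM checking rejects both, so neither identity alone separates them.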