spf-discuss

Re: Re: step by step deployment

2004-01-21 22:28:53
On Jan 21, 2004, at 19:13, wayne wrote:

In <1074729432(_dot_)30130(_dot_)592(_dot_)camel(_at_)code3> James Couzens <jcouzens(_at_)obscurity(_dot_)org> writes:

I'm thinking that we should always check *both* the HELO and the MAIL
FROM:. An invalid HELO string causes the connection to be immediately
rejected.

I've been seeing an increasing amount of email lately that is indeed
valid email but does not contain a HELO. It seems that some clients are
taking the lazy approach and not even bothering?

Yes, and I see a lot of invalid HELO strings.  (Ok, the RFC says the
HELO string is just a comment, but...)

So, the problem is, these systems will be able to send SPF-enabled
email just fine, but any bounces created by them will be rejected.
That doesn't strike me as a good thing to have happen.
-wayne

To which RFC are you referring? If it's RFC 2821, it says exactly the opposite:

3.6 Domains

Only resolvable, fully-qualified, domain names (FQDNs) are permitted when domain names are used in SMTP. In other words, names that can be resolved to MX RRs or A RRs (as discussed in section 5) are permitted, as are CNAME RRs whose targets can be resolved, in turn, to MX or A RRs. Local nicknames or unqualified names MUST NOT be used. There are two exceptions to the rule requiring FQDNs:

- The domain name given in the EHLO command MUST BE either a primary host name (a domain name that resolves to an A RR) or, if the host has no name, an address literal as described in section 4.1.1.1.

<snip>

Notice the "MUST BE" part.

I've tried to reject on the EHLO before but you would be surprised how many major sites have totally invalid EHLO/HELOs. Huge financial organisations, healthcare institutions, prominent e-commerce sites, even top-tier communication companies. And guess how responsive they are to being informed about their misconfigured systems.

There have been some good RFC holy wars over rejecting invalid HELOs, but suffice it to say these days it's probably a good idea. But in practice it will reject a whole lot of mail from valid sites (with, IMO, poorly configured mailers). When I was rejecting, I'd estimate 95% of the invalid EHLOs were spam.

-ty
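As an added example (not from this thread or any SPF implementation), a small Python check that applies the RFC 2821 section 3.6 rule quoted above to an EHLO/HELO argument: either a fully-qualified host name that resolves to an A record, or an address literal. The DNS lookup is injected as a callable so it runs offline, and the `classify_helo`, `helo_verdict` and `fake_resolve` names and the FAKE_DNS table are assumptions made up here. Given ty's point that many legitimate senders fail this rule, a deployment would feed the verdict into logging or scoring rather than an outright reject.

```python
import ipaddress
import re
from typing import Callable, Optional

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify_helo(arg: str) -> str:
    """Syntax-only check of an EHLO/HELO argument: 'literal', 'fqdn' or 'invalid'."""
    arg = arg.strip()
    if arg.startswith("[") and arg.endswith("]"):
        body = arg[1:-1]
        if body.upper().startswith("IPV6:"):       # RFC 2821 [IPv6:...] literal form
            body = body[5:]
        try:
            ipaddress.ip_address(body)
            return "literal"
        except ValueError:
            return "invalid"                       # brackets around garbage
    labels = arg.rstrip(".").split(".")
    # A single label ("localhost", "mail") is an unqualified name: MUST NOT be used.
    if len(labels) < 2 or not all(LABEL.match(lab) for lab in labels):
        return "invalid"
    if all(lab.isdigit() for lab in labels):       # bare 192.0.2.25 is not a host name
        return "invalid"
    return "fqdn"

def helo_verdict(arg: str, resolve_a: Callable[[str], Optional[str]]) -> str:
    """Syntax check plus an A-record lookup supplied by the caller (IPv4 str or None).
    Verdicts: 'ok', 'unresolvable', 'invalid'.  Injecting the resolver keeps it offline."""
    kind = classify_helo(arg)
    if kind == "invalid":
        return "invalid"
    if kind == "literal":
        return "ok"
    name = arg.strip().rstrip(".")
    return "ok" if resolve_a(name) else "unresolvable"

# Constructed stand-in for DNS (assumption): only one host name exists.
FAKE_DNS = {"mail.example.com": "192.0.2.25"}

def fake_resolve(name: str) -> Optional[str]:
    return FAKE_DNS.get(name.lower())

if __name__ == "__main__":
    for helo in ["mail.example.com", "[192.0.2.25]", "localhost",
                 "192.0.2.25", "bogus.example.net", ""]:
        print(f"{helo!r:22} -> {helo_verdict(helo, fake_resolve)}")
```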

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/

