On Mon, Feb 23, 2004 at 11:21:19PM -0500, Hector Santos wrote:
| > I must be missing the value of the HELO machine name.
|
| Per RFC 2821, the HELO machine name in "theory" must be associated with the
| connecting client IP address. Of course, for legacy reasons, it is not
| enforced.
|
| Systems like SPF, DMP adds enforcement.
|
| SPF lookup logic adds a loophole in this regard.
|
| Actual example:
|
| Client IP: 222.156.67.110
| 00:46:39 S: 220 winserver.com Wildcat! ESMTP Server v5.7.450.9b13 ready
| 00:46:40 C: HELO winserver.com
| 00:46:40 S: 250 winserver.com, Pleased to meet you.
| 00:46:40 C: MAIL FROM:<op(_at_)tpts1(_dot_)seed(_dot_)net(_dot_)tw>
|
| I have a proposal/solution if you want to hear it. But I need to see you
| agree it is a problem.
I agree it is a wonderful way to detect spam, but I don't think that
test belongs in SPF; why not perform the test separately from SPF?
Pobox.com for instance provides many per-user configurable spam filters,
and rejecting a bad HELO is one of them. But it is not tied to SPF.