spf-discuss

Re: the role of the HELO domain

2004-02-24 02:13:17
On 23 Feb 2004 at 23:53, Hector Santos wrote:

> > Pobox.com for instance provides many per-user configurable spam filters,
> > and rejecting a bad HELO is one of them.  But it is not tied to SPF.
>
> Meng,   I think this will have a negative impact on SPF.  You should address
> it.   Sort of defeats the purpose.   The whole point of SPF is to validate
> sender machines.  The enforcement of client machine domain and client IP is
> one of them, in fact I consider it more important than the MAIL FROM.

I agree with Hector Santos. At the moment I have two problems with 
my baschny.de domain: 

1) Forged MAIL FROM:<...(_at_)baschny(_dot_)de> and 
2) forged HELO baschny.de.

Every day or two I get a UBE-complaint from someone who got a spam email
with headers like:

  Return-path: <leonor_thomsonvc(_at_)bdkj(_dot_)de>
  Received: ...
  ...
  Received: from baschny.de (eu156-210.clientes.euskaltel.es
            [212.142.156.210]) by ...  
  ...
  From: Leonor Thomson <leonor_thomsonvc(_at_)bdkj(_dot_)de>

And as the domain owner of baschny.de I have no way to make sure my
domain is not forged in a HELO statement, which ends up in the 
Received lines, which then makes it look as if my domain was used to
relay the spam (even if a technically skilled user could tell that the
domain in this case was forged).

It would be neat if I could use SPF to specify HOW a HELO string with
my domain name could be used (specifically, I wouldn't like any host
to issue a "HELO baschny.de"). If an MTA deploys SPF, I want to expect
that this kind of forgery is avoided, and not have to trust them also to
be doing other non-standard checks in the HELO string.

Is this worth a discussion here?

-- 
Ernesto Baschny <ernst(_at_)baschny(_dot_)de>
 http://www.baschny.de - PGP: http://www.baschny.de/pgp.txt
 Sao Paulo/Brasil - Stuttgart/Germany
 Ernst(_at_)IRCnet - ICQ# 2955403
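
The check a "technically skilled user" performs on such a Received line can be scripted. The following is an added example, not part of the original message: it parses the `from HELO (rdns [ip])` clause and flags a HELO name under a given domain when the recorded reverse-DNS name is not. The function names, the `suspect_helo` field and the second sample line are assumptions made for illustration.

```python
import re

# Matches the "from HELO (rdns [ip])" clause in the form quoted in the post.
# Assumption: MTAs that format this clause differently are simply not matched.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
)

def unfold(value):
    """Join folded header continuation lines into a single line."""
    return re.sub(r"\r?\n[ \t]+", " ", value).strip()

def under_domain(host, domain):
    """True if host equals domain or is a subdomain of it (label-aligned)."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_helo(received, my_domain):
    """Return parsed fields plus a flag, or None if the clause is not recognised."""
    m = RECEIVED_RE.search(unfold(received))
    if not m:
        return None
    helo, rdns, ip = m.group("helo"), m.group("rdns"), m.group("ip")
    claims_domain = under_domain(helo, my_domain)
    # The rDNS name is whatever the receiving MTA recorded; it is not
    # forward-confirmed here, so treat the flag as a triage hint only.
    backed = rdns is not None and under_domain(rdns, my_domain)
    return {"helo": helo, "rdns": rdns, "ip": ip,
            "suspect_helo": claims_domain and not backed}

# Header line taken from the post above (the "by ..." part is elided there).
FROM_POST = """from baschny.de (eu156-210.clientes.euskaltel.es
            [212.142.156.210]) by ..."""
# Constructed sample: HELO and rDNS agree (documentation IP range).
CONSTRUCTED_OK = "from mail.baschny.de (mail.baschny.de [192.0.2.10]) by mx.example.net"

if __name__ == "__main__":
    for line in (FROM_POST, CONSTRUCTED_OK):
        print(check_helo(line, "baschny.de"))
```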