spf-discuss

Re: the role of the HELO domain

2004-02-24 02:49:51
On Mon, Feb 23, 2004 at 11:53:19PM -0500, Hector Santos wrote:
> Meng, I think this will have a negative impact on SPF. You should address
> it. Sort of defeats the purpose. The whole point of SPF is to validate
> sender machines.

No, the whole point of SPF is to validate envelope-sender addresses. Period.

On bounces, there is nothing to validate with SPF. I still have not seen a
good argument for why the HELO name should be validated in this case. It is
not used as part of delivery, apart from it may in some cases be added to a
Received: header:

  Received: from dsl-1-2-3-4.isp.net (claiming to be foobar.com); ....

Spammers can easily put 'HELO dsl-1-2-3-4.isp.net' in there, if it suits
them better (i.e. it helps them get past your SPF filter).

> The enforcement of client machine domain and client IP is
> one of them, in fact I consider it more important than the MAIL FROM.

And what about things like doing a reverse lookup on the client IP address,
then a forward lookup on the name, to see they match? That's another way of
validating the client connection. But it's not part of SPF.

Regards,

Brian.
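
The reverse-then-forward lookup mentioned in the message above, as an added example that is not part of the original post: the check uses only the connecting IP address and never consults the HELO name or MAIL FROM, which is why it is separate from SPF. The function names and the sample DNS records (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample DNS data so the example runs offline.
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.org."],  # PTR and A agree
    "192.0.2.20": ["foobar.example."],    # PTR names a host that resolves elsewhere
    "192.0.2.30": [],                     # no PTR record at all
}
SAMPLE_A = {
    "mail.example.org": ["192.0.2.10"],
    "foobar.example": ["198.51.100.7"],
}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(name, [])

def system_reverse(ip):
    """PTR lookup through the system resolver (for live use)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA lookup through the system resolver (for live use)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(client_ip, reverse=sample_reverse, forward=sample_forward):
    """Return the confirmed host name for client_ip, or None.

    A name counts only if the PTR name resolves back to the same address;
    a PTR record on its own is controlled by whoever runs the reverse zone.
    """
    ip = ipaddress.ip_address(client_ip)
    for name in reverse(str(ip)):
        host = name.rstrip(".").lower()
        for addr in forward(host):
            try:
                if ipaddress.ip_address(addr) == ip:
                    return host
            except ValueError:
                continue  # skip anything that is not a plain IP address
    return None
```

Pass `reverse=system_reverse, forward=system_forward` to run the same check against live DNS.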