In <20040224153903(_dot_)GT27676(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
I have a pragmatic reason for not doing HELO checking.
There are a lot of legitimate machines with bad HELO strings.
This has been mentioned so many times that I guess I had assumed that
everyone knew this. Probably a bad assumption and worth bringing up.
If we were to do strict HELO checking, many of those legitimate machines
would now begin to fail, and the false-positive rate of SPF would become
very high right away; it would be high enough that people would reject
it as too idealistic.
I think it may be useful to do SPF checking on the HELO string, and
reject the connection if the SPF check fails, but let it pass
otherwise.
-wayne
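
The policy suggested in the message above (run SPF against the HELO string, reject only on a fail result, let everything else through), sketched as an added example that is not part of the original message or of any SPF implementation. The record table, host names, addresses and function names are constructed for illustration, and only the `ip4` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (assumption: no network).
SPF_RECORDS = {
    "mail.example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "relay.example.net": "v=spf1 ip4:198.51.100.7 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check_helo(ip, helo):
    """Evaluate a minimal SPF subset (ip4, all) against the HELO identity."""
    record = SPF_RECORDS.get(helo.lower().rstrip("."))
    if record is None:
        return "none"  # HELO name publishes no policy, e.g. a bad HELO string
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qual]
        if term.startswith("ip4:"):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched


def accept_connection(ip, helo):
    """Reject the connection only when the HELO SPF check fails."""
    return spf_check_helo(ip, helo) != "fail"


# Constructed sample connections: (client IP, HELO string).
SAMPLES = [
    ("192.0.2.10", "mail.example.com"),        # listed sender
    ("203.0.113.5", "mail.example.com"),       # HELO name used from elsewhere
    ("203.0.113.9", "localhost.localdomain"),  # legitimate host, bad HELO
    ("203.0.113.9", "relay.example.net"),      # softfail is not a rejection
]

if __name__ == "__main__":
    for ip, helo in SAMPLES:
        verdict = "accept" if accept_connection(ip, helo) else "reject"
        print(f"{ip:15} {helo:24} {spf_check_helo(ip, helo):9} {verdict}")
```

Hosts with a meaningless HELO string get a result of "none" and are accepted, so they do not add to the false-positive rate; only a name whose owner published a policy that excludes the connecting address is rejected.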