spf-discuss

Re: Possible SPF machine-domain loophole???

2004-02-24 08:55:58
On Tue, Feb 24, 2004 at 09:50:53AM -0600, wayne wrote:
| 
| I think it may be useful to do SPF checking on the HELO string, and
| reject the connection if the SPF check fails, but let it pass
| otherwise.

Yes, that will probably be helpful.

But if the goal is to prevent bad guys from using your name in any way,
it may not work: suppose I own domain.com.

  HELO bogussubdomain.domain.com

  HELO doma1n.com

  HELO domain.com.INTERNET

will all pass the test (unless in the first case there's a *.domain.com
TXT record) and cause users to generate abuse reports to domain.com.
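
The gap described in this message, as an added example that is not part of the original post: a "reject only on SPF fail" HELO policy run against a constructed zone, with and without a `*.domain.com` TXT record. The zone contents, IP addresses, function names and the reduced SPF subset (`ip4:` and `all` only, simplified wildcard matching) are assumptions made for illustration.

```python
import ipaddress

# Constructed zone data: only domain.com publishes SPF.
ZONE = {"domain.com": "v=spf1 ip4:192.0.2.10 -all"}
# Same zone plus the wildcard TXT record mentioned in the message.
ZONE_WILDCARD = dict(ZONE, **{"*.domain.com": "v=spf1 -all"})
HELOS = ["domain.com", "bogussubdomain.domain.com",
         "doma1n.com", "domain.com.INTERNET"]

def lookup_spf(zone, name):
    """Return the TXT record for name, trying '*.' wildcards of each parent."""
    name = name.lower().rstrip(".")
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in zone:
            return zone[wildcard]
    return None

def check_helo(zone, helo, client_ip):
    """Evaluate a minimal SPF subset (ip4: and all) for the HELO name."""
    record = lookup_spf(zone, helo)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no policy published: nothing to fail against
    ip = ipaddress.ip_address(client_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return results[qualifier]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return results[qualifier]
    return "neutral"

def accept(zone, helo, client_ip):
    """The quoted proposal: reject only when the HELO SPF check fails."""
    return check_helo(zone, helo, client_ip) != "fail"

if __name__ == "__main__":
    for label, zone in (("no wildcard", ZONE), ("wildcard", ZONE_WILDCARD)):
        for helo in HELOS:
            result = check_helo(zone, helo, "203.0.113.5")  # unauthorised client
            print(f"{label:12} {helo:28} {result:5} accept={result != 'fail'}")
```
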