[Meng Weng Wong]
On Tue, Feb 24, 2004 at 05:18:44AM -0600, wayne wrote:
|
| As others have pointed out, many MTAs already have an option to
| validate the HELO domain. I think doing the SPF checking is better
| than most of these options, but these MTAs didn't have access to the SPF
| code when the options were created.
I have a pragmatic reason for not doing HELO checking.
-------------snip----------------------
SPF is a hard enough sell as it is: I don't want this to be the straw
that breaks the camel's back.
Actually, you shouldn't ever have to do both checks. I look at it as
one or the other. If an SPF record exists and the SMTP-sender is
permitted for the envelope-sender domain, why should we care what the
HELO string is? On the other hand, if there is no SPF record, or if the
SPF record is useless (+all), requiring the HELO string to have an FQDN
that matches their rDNS doesn't seem unreasonable. One of my providers
(large U.S.-based) has several rDNS-related requirements on SMTP-senders
and I've yet to experience any problems. I agree that your example
message would not have reached me, but I suspect that a resulting phone
call would have greased the wheels to fix the problem. If the sender
didn't contact me after getting a DSN, I would take the position that
the message wasn't important. That's just my feeling, everyone can
enforce their own preferences.
I do take note that you say it can be hard to change the HELO string.
Do you know that to be the case?
--
Seth Goodman
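
The "one or the other" policy described in the message above, as an added example that is not part of the original post or of any MTA's code. The function names and result tuples are hypothetical; the SPF result and the PTR names of the connecting IP are assumed to come from a separate evaluator and resolver; treating any record whose `all` mechanism carries a `+` (or no) qualifier as "useless" is this example's reading of "(+all)".

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def spf_is_useless(record):
    """True if the record is not SPF or lets everyone pass via +all / bare all."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return True
    return any(t in ("+all", "all") for t in terms[1:])


def is_fqdn(name):
    """True for a dotted host name; rejects bare names and address literals."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)


def helo_matches_rdns(helo, rdns_names):
    """HELO must be an FQDN equal (case-insensitively) to one of the PTR names."""
    if not is_fqdn(helo):
        return False
    ptrs = {n.rstrip(".").lower() for n in rdns_names}
    return helo.rstrip(".").lower() in ptrs


def evaluate(spf_record, spf_result, helo, rdns_names):
    """Return (check_used, outcome); only one of the two checks is ever applied.

    spf_record  -- TXT record of the envelope-sender domain, or None
    spf_result  -- result string from a separate SPF evaluator (assumed input)
    rdns_names  -- PTR names of the connecting IP (assumed input)
    """
    if spf_record is not None and not spf_is_useless(spf_record):
        # A meaningful SPF record exists: its result decides, HELO is ignored.
        return ("spf", spf_result)
    # No SPF record, or one that permits everyone: fall back to HELO vs. rDNS.
    outcome = "pass" if helo_matches_rdns(helo, rdns_names) else "fail"
    return ("helo", outcome)


if __name__ == "__main__":
    # Constructed sample inputs (documentation domains and addresses).
    print(evaluate("v=spf1 mx -all", "pass", "localhost", []))
    print(evaluate(None, "none", "mail.example.org", ["mail.example.org."]))
    print(evaluate("v=spf1 +all", "pass", "mail.example.org", ["other.example.net"]))
```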