On Tue, Feb 24, 2004 at 05:05:43PM +0100, Ernesto Baschny wrote:
| On 24 Feb 2004 at 9:50, wayne wrote:
| > I think it may be useful to do SPF checking on the HELO string, and
| > reject the connection if the SPF check fails, but let it pass
| > otherwise.
|
| That was my idea too. I have no problem with bad HELO strings from
| misconfigured senders, but I have a problem when someone forges my domain
| in a HELO string. So if someone says "HELO mail.baschny.de", and I have
|
| mail.baschny.de. IN TXT "v=spf1 -all"
|
| this would mean "this host NEVER sends emails", so it should be rejected.
I am very tempted to put this into the RFC but maybe it better belongs
in a BCP or in the website "how-to" document. What do people think?
Either way, I need to do a paper on "what the RFC doesn't tell you".
Covering trusted-forwarder, the deployment strategy, setup instructions,
per-MX configuration, etc.
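
The HELO check discussed in this thread, as an added example that is not part of the original messages or of any SPF implementation: look up the SPF record published at the HELO name and reject only on an explicit fail. The `TXT` table stands in for DNS and, apart from the `mail.baschny.de` record quoted above, is constructed; the function names are hypothetical, and only the `all`, `ip4` and `ip6` mechanisms are evaluated.

```python
import ipaddress

# Constructed TXT data standing in for DNS; only the first record is from the thread.
TXT = {
    "mail.baschny.de": ["v=spf1 -all"],
    "mx.example.org": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "relay.example.net": ["unrelated text record"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_helo_result(helo, client_ip, txt=TXT):
    """Evaluate the SPF record published at the HELO name (subset: all, ip4, ip6)."""
    records = [r for r in txt.get(helo.rstrip(".").lower(), [])
               if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not records:
        return "none"            # no policy published for this name
    if len(records) > 1:
        return "permerror"       # more than one policy is ambiguous
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"          # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        # a, mx, include and modifiers need live DNS or more parsing; do not guess.
        return "temperror"
    return "neutral"             # record ended without a match

def helo_action(helo, client_ip, txt=TXT):
    """Policy from the thread: reject only when the SPF check fails."""
    if spf_helo_result(helo, client_ip, txt) == "fail":
        return "reject"
    return "accept"
```

A HELO name with no SPF record, such as one from a misconfigured sender, evaluates to `none` and is accepted, which matches the "let it pass otherwise" behaviour proposed in the quoted messages.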