--On Dienstag, Februar 24, 2004 18:03:36 -0500 Hector Santos
<winserver(_dot_)support(_at_)winserver(_dot_)com> wrote:
[...]
Using pareto's principle as a guideline, the majority of systems will
have a domain name that is reflective of their organization.
The SPF helo domain lookup should be the one base domain name
What is the base domain name?
So for a HELO/EHO subdomain.domain.com, the SPF lookup shouldl be based
on domain.com and then allow it to describe the policy.
Try again for subdomain.domain.co.uk (only 3LDs registered) or even
better for subdomain.domain.co.at (2LDs and 3LDs registered). You cannot
guess the name registered by the ccTLD registry without guessing or
additional lookups.
And RFC2821 allows not only address literals as EHLO parameter, there is
also no requirement that the given parameter corresponds to the
interface used to communicate with your server. Section 4.1.1.1 requires
only that the FQDN given belongs to the client. A multihomed system may
have several valid FQDNs, all usable as EHLO parameters, and all legally
used for whatever interface your server happens to be connected to.
Strict EHLO parameter checking will have a false positive rate that will
be way to high for any business to be acceptable. Do not make this a
mandatory part of SPF or you will risk rejection of SPF as a whole.
Ralf