From what I understand, if a domain hasn't published any SPF records, or
doesn't even exist, I shouldn't be getting an SPF fail on something from them.
Is this right?
If it is, then that has not been my experience. If a bounce comes from a
machine that has a bogus HELO, it gets an SPF fail:
Mar 4 20:30:24 mail2 postfix/policy-spf[31748]: : SPF fail: smtp_comment=Please see http://spf.pobox.com/why.html?sender=InterJet.akaerospace.com&ip=209.112.133.85&receiver=mail2.schaferhsv.com: domain of sender InterJet.akaerospace.com does not exist, header_comment=mail2.schaferhsv.com: domain of does not designate 209.112.133.85 as permitted sender
Mar 4 20:30:24 mail2 postfix/smtpd[31743]: NOQUEUE: reject_warning: RCPT from
aerodial.alaska.net[209.112.133.85]: 554 <protected(_at_)schaferhsv(_dot_)com>: Recipient address
rejected: Please see
http://spf.pobox.com/why.html?sender=InterJet.akaerospace.com&ip=209.112.133.85&receiver=mail2.schaferhsv.com:
domain of sender InterJet.akaerospace.com does not exist; from=<>
to=<protected(_at_)schaferhsv(_dot_)com> proto=ESMTP helo=<InterJet.akaerospace.com>
I don't think this is a configuration problem, because everything else works.
So, I was hoping the new HELO work was going to take care of this, but it seems
that there is going to be more restrictive rules on HELO, not less.