Re: A HELO Question

wayne wrote:

In <404A190C(_dot_)5070208(_at_)greptar(_dot_)com> Nathan Wharton 
<naw(_at_)greptar(_dot_)com> writes:

From what I understand, if a domain hasn't published any SPF
records, or doesn't even exist, I shouldn't be getting an SPF fail
on something from them.  Is this right?


That is correct.

So, does this mean a spammer can bypass SPF by just using HELObogusdomain.com and MAIL FROM: <>?

If it is, then that has not been my experience.  If a bounce comes
from a machine that has a bogus HELO, it gets an SPF fail:
[example from the postfix SPF stuff deleted]


I would say that this is a bug in the postfix policy-spf code.

Then is it a bug in Mail::SPF::Query, then? The postfix policy code isjust a small wrapper around it.

<Prev in Thread]	Current Thread	[Next in Thread>
A HELO Question, Nathan Wharton Re: A HELO Question, wayne Re: A HELO Question, Nathan Wharton <= Re: A HELO Question, wayne Re: A HELO Question, Nathan Wharton Re: A HELO Question, Greg Connor Re: A HELO Question, Hector Santos Re: A HELO Question, wayne Re: A HELO Question, Meng Weng Wong Re: A HELO Question, wayne Re[2]: A HELO Question, Sanford Whiteman Re: A HELO Question, Meng Weng Wong Re: A HELO Question, Theo Schlossnagle