On Sat, Mar 06, 2004 at 04:23:27PM -0800, Greg Connor wrote:
|
| Based on all that... I would expect SPF to return "unknown" for any domain
| OR helo name that doesn't have SPF info published, INCLUDING domains that
| clearly don't exist. I think it's reasonable to block mail from domains
| that don't exist, but I wouldn't depend on SPF to do this for you.. there
| should be other policy built into the mailer to reject the mail if the
| domain doesn't exist. I would not recommend to use this type of checking
| on the HELO name though.
|
OK. Evidently the spec and the library need changing. How about this:
if the return-path domain does not exist (NXDOMAIN), return FAIL
if the helo domain does not exist, return UNKNOWN
or should they return UNKNOWN in both cases?
The "FAIL" special-case came from a time when we were only checking the
return-path, but it's probably not appropriate if we're assigning more
weight to the HELO.