Seth Goodman wrote:
Only the complete name alaia01.alaia.net. There is no inherent/easy
guarantee in DNS that the domains are owned by the same people as the
parent domain. (Your MX server should have an SPF record anyway...)
Did you really mean that last statement? The point of SPF is to list
the outgoing MTA's for a given domain, not the reverse. At a large ISP
or hosting service, an MX farm covers tens of thousands or hundreds of
thousands of domains. In general, DNS records for the MX are not under
the control of the individual domain owners, so it's not even possible.
I agree. There needs to be some means of reigning this in. Maybe this is a
reason that HELO checking against SPF should not be done. Yes, HELO
checking is a valid check (same as receiving domain, same IP, etc.) but how
about SPF check against HELO may be performed only if the SPF check against
MAIL FROM is a non-PASS.
Marc