-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com [mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Greg Connor
Sent: Friday, March 12, 2004 5:29 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] HELO Testing
I wrote:
Only the complete name alaia01.alaia.net.  There is no inherent/easy
guarantee in DNS that the domains are owned by the same people as the
parent domain.  (Your MX server should have an SPF record anyway...)
Seth Goodman wrote:
Did you really mean that last statement?  The point of SPF is to list
the outgoing MTA's for a given domain, not the reverse.  At a large ISP
or hosting service, an MX farm covers tens of thousands or hundreds of
thousands of domains.  In general, DNS records for the MX are not under
the control of the individual domain owners, so it's not even possible.
I'm not exactly sure what you are asking, so let me try a couple
different answers.
Sorry, I got the context completely wrong.  If what is being proposed is
to just check the HELO name against the SPF record for that name, if it
exists, and fail only if there is a mismatch with the SPF record, I have
no problem with that.  It will catch some obvious forgeries, at least in
the short term.  As long as it doesn't fail for broken names like
"localhost", then I guess there is no downside to it.
--
Seth Goodman
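
The HELO check discussed in the message above, sketched as an added example that is not part of the original thread or of any SPF implementation. The host names, addresses and the `SPF_TXT` table are constructed stand-ins for DNS TXT lookups, and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed sample data standing in for DNS TXT lookups (hypothetical names).
SPF_TXT = {
    "mail.example.org": "v=spf1 ip4:192.0.2.0/28 -all",
    "mx.example.net": "v=spf1 ip4:198.51.100.7 ?all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def usable_helo_name(helo):
    """True only for a multi-label host name; rejects 'localhost', bare
    labels, bare IP addresses and address literals such as [192.0.2.1]."""
    name = helo.rstrip(".").lower()
    if name.startswith("[") or "." not in name:
        return False
    try:
        ipaddress.ip_address(name)      # a bare IP is not a domain name
        return False
    except ValueError:
        return True


def check_helo(helo, client_ip, lookup=SPF_TXT.get):
    """Return 'none', 'pass', 'fail', 'softfail' or 'neutral'.
    Only the complete HELO name is looked up, never a parent domain."""
    if not usable_helo_name(helo):
        return "none"                   # broken name: never a failure
    record = lookup(helo.rstrip(".").lower())
    if not record or not record.lower().startswith("v=spf1"):
        return "none"                   # no SPF record published for the name
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:     # skip the version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"                    # nothing matched and no 'all' term
```

A receiver following the proposal would reject only on `fail`; `none` covers both a missing record and an unusable name such as "localhost".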