spf-discuss

RE: HELO Testing

2004-03-15 17:08:15
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Greg Connor
Sent: Monday, March 15, 2004 5:39 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] HELO Testing


<...>


Unfortunately there is no way to protect against HELO localhost.localdomain
MAIL FROM: <> - that is out of the range of SPF.  If people want to block
bounces (or all mail) from servers with clearly nonexistent HELO names,
that's their own business.  (SPF also doesn't FAIL on nonexistent MAIL FROM
domains either, but it's assumed that your mailer does that anyway.)

Actually, I tend to think the HELO name is pretty superfluous and is
best ignored anyway.  That doesn't mean you can't do any testing for
MAIL FROM:<>.  When an SMTP-sender connects, you first and foremost have
their IP regardless of what their HELO string is.  That piece of
information is reliable.  You can still get some benefit from SPF by
doing rDNS on that IP, taking the domain from the RHS of the result,
looking up the SPF record for that domain and then testing the SMTP-sender
against it.  If an SPF record exists, this tells you whether the SMTP-sender is
a designated sender for its own domain, which is all SPF can ever tell
you.

I personally think this is a more sensible way to do SPF checks in
general.  I've been working on a framework that uses SPF in this manner
instead of using the RHS of the return path.  It has the major advantage
that it doesn't require sender rewriting at all, but that's a whole
other story.

--

Seth Goodman
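
The check described in the message above, sketched as an added example (not code from the original post or from any SPF implementation). DNS is replaced by constructed dictionaries so it runs offline; treating the "RHS" as the PTR name minus its leftmost label, and evaluating only the ip4, ip6 and all mechanisms, are assumptions of this sketch.

```python
import ipaddress

# Constructed sample data standing in for DNS (documentation address ranges).
# The second address has a PTR that claims example.com without being listed there.
PTR = {"192.0.2.10": "mail.example.com.", "198.51.100.7": "mail.example.com."}
TXT = {"example.com": ["v=spf1 ip4:192.0.2.0/24 -all"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def rhs_domain(ptr_name):
    """Assumption: the 'RHS' is the PTR name minus its leftmost label."""
    labels = ptr_name.rstrip(".").lower().split(".")
    return ".".join(labels[1:]) if len(labels) > 2 else ".".join(labels)


def eval_spf(record, ip):
    """Evaluate only ip4, ip6 and all; other mechanisms are skipped here."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = QUALIFIERS.get(term[0])
        mech = term[1:] if qual else term
        qual = qual or "pass"  # no qualifier means '+'
        name, _, arg = mech.partition(":")
        if name == "all":
            return qual
        if name in ("ip4", "ip6") and arg:
            if addr in ipaddress.ip_network(arg, strict=False):
                return qual
    return "neutral"


def check_client(ip, ptr=PTR, txt=TXT):
    """rDNS on the connecting IP, then test that IP against the PTR domain's SPF."""
    ptr_name = ptr.get(ip)
    if ptr_name is None:
        return "none"  # no rDNS, so there is no domain to test against
    domain = rhs_domain(ptr_name)
    records = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return "none" if not records else "permerror"
    return eval_spf(records[0], ip)
```

Because the PTR record is set by whoever controls the reverse zone for the IP, the second sample address shows the useful property: a PTR that names a domain whose SPF record does not list the IP evaluates to fail rather than pass.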



