Re: spf-draft-200404.txt -- Happy spammers
2004-04-26 06:21:43
Yet another reason why NXDOMAIN shouldn't necessarily cause a reject is that
SPF checks are also done on HELO names (for DSNs) and there are many, many,
many systems out there that don't HELO with fully-qualified domain names, and
hence their DSNs would be rejected if NXDOMAIN resulted in a reject. Anyone
running a mailing list going to non-technical people will be aware of this. I
had to hack the SPF milter to not do checks on HELO names until M:S:Q 1.997
came out. Now I can do "the right thing" and can score against bogus HELOs
using the added Received-SPF: header, which I'm much happier about than
rejecting all bounces from such sites.
As for spammers that forge my domain or IP address in their HELO, or use
non-existent domains in the MAIL FROM:, they're rejected by sendmail rulesets
and never even get as far as SPF checks.
Paul.
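The scoring approach described in the message above, sketched as an added example that is not part of the original post and not code from the SPF milter or M:S:Q. The weights, function names and sample message are assumptions, and the header layout assumed is the key=value form later standardized in RFC 7208.

```python
import re
from email import message_from_string

# Hypothetical weights (assumptions, tune per site); higher means more suspect.
# Assumes Received-SPF headers from untrusted upstream hosts were already stripped.
HELO_WEIGHTS = {"fail": 2.0, "softfail": 1.0, "none": 0.5}
MAILFROM_WEIGHTS = {"fail": 5.0, "softfail": 2.0}
UNQUALIFIED_HELO = 0.5  # HELO name without a dot: scored, never rejected

KV_RE = re.compile(r'([A-Za-z][\w.-]*)=("[^"]*"|[^;\s]+)')

# Constructed sample: a bounce (null sender) from a host with an unqualified HELO.
SAMPLE_DSN = (
    "Received-SPF: none (mx.example.org: no SPF record for mailhost)\n"
    "\tclient-ip=192.0.2.10; envelope-from=\"\"; helo=mailhost; identity=helo\n"
    "From: MAILER-DAEMON@example.net\n"
    "Subject: Delivery failure\n\nbody\n"
)

def strip_comments(value):
    """Drop parenthesised header comments, including nested ones."""
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)

def parse_received_spf(value):
    """Return (result, {key: value}) for one Received-SPF header value."""
    body = strip_comments(value)
    result = (body.split() or ["none"])[0].lower()
    fields = {k.lower(): v.strip('"') for k, v in KV_RE.findall(body)}
    return result, fields

def spf_score(raw_message):
    """Sum a score over Received-SPF headers instead of rejecting outright."""
    score = 0.0
    for value in message_from_string(raw_message).get_all("Received-SPF", []):
        result, fields = parse_received_spf(value)
        if fields.get("identity", "mailfrom") == "helo":
            score += HELO_WEIGHTS.get(result, 0.0)
            if "." not in fields.get("helo", ""):
                score += UNQUALIFIED_HELO
        else:
            score += MAILFROM_WEIGHTS.get(result, 0.0)
    return score
```

The constructed bounce scores 1.0 (0.5 for the HELO "none" result plus 0.5 for the unqualified name), so it is flagged for the content filter rather than refused at SMTP time.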