spf-discuss
[Top] [All Lists]

Re: Fw: Received your email

2004-08-23 22:12:57
David Woodhouse wrote:

On Mon, 2004-08-23 at 20:57 +0000, Mark wrote:

I do not test for the HELO to resolve (what would be the point
anyway? HELO is too forgeable to begin with). In fact, my check is
pretty lax: I just check for a "." in the name (which covers the
FQDN and address literal). The point of the exercise is not to check
whether the HELO is good, but whether it is definitely bad.

Checking for a dot doesn't cover perfectly legitimate literals like
this: EHLO [IPv6:2002:c1ed:8229:10:2c0:f0ff:fe31:e18]

Even if you don't listen on an IPv6 address (and why not? IPv6 is
trivial with 6to4 -- all hosts with a public IPv4 address
automatically get 2^^80 IPv6 addresses to play with), you may get
connections via ipv6-to-ipv4 application-level address translation
gateways. Although admittedly that isn't likely.

I am not listening on IPv6 yet. Primarily because it always seemed like a
big hassle getting everything converted. But maybe it is indeed time I
started looking into this. My own provider already offers an IPv6-to-IPv4
tunnel. :)

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx