Meng Weng Wong wrote:
| It's certainly been explained many times, on-list, by many people. I
| see strong confirmation that HELO scope would be useful, and an
| appropriate change to make. I see little reasoned opposition to a
| HELO scope.
I now agree that checking HELO can be very useful, as it
satisfies the ESP->ISP whitelisting requirement nicely, and
also has the benefit of making life easier for forwarders
who would then be able to skip SRS.
I agree that HELO checking can be very useful.
The problem with this and other useful proposals is the fact
that many of today's legitimate mail servers do not comply.
I have experienced this myself a few months ago when I configured
my Postfix MTA with a simple check for a valid HELO (the hostname
should be an FQDN and have an MX or A record). The number of
badly configured legitimate mail servers was too high and
I reversed the config change.
The challenge is: how do we introduce a useful change and
disturb all mail traffic as little as possible?
IMO HELO checking should be implemented but some mechanism should
exist to have a grace period where owners of non-compliant mail servers
get warnings and plenty of time to comply.
The best I can think of is to
- not block mail at the MTA
- include HELO checking in SpamAssassin and other tools and send
non-compliance warnings to postmaster (after spam and virus check
to prevent false messages).
- find an agreement to start this at the same date worldwide by those
who want to participate (since owners of non-compliant servers
must get warnings from different sources to understand that we are
talking serious business).
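
The grace-period policy proposed in this message (check the HELO name, accept the mail anyway, collect warnings for the postmaster) can be sketched as follows. This is an added example, not part of the original message; the function names, the `stub_resolver` stand-in for real MX/A lookups, and all host names and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Hostname label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_fqdn(name):
    """True if name is a syntactically valid hostname with at least two labels."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    # Address literals like [192.0.2.1] and bare IPs are not hostnames.
    return (len(labels) >= 2 and all(_LABEL.match(l) for l in labels)
            and not labels[-1].isdigit())

def check_helo(helo, has_mx_or_a):
    """Return None if the HELO name passes, else a short reason string."""
    if not is_fqdn(helo):
        return "HELO is not a fully qualified hostname"
    if not has_mx_or_a(helo):
        return "HELO hostname has no MX or A record"
    return None

def grace_period_report(sessions, has_mx_or_a):
    """Accept every session; collect one warning entry per failing HELO name.

    sessions: iterable of (client_ip, helo) tuples.
    Returns {helo: {"reason": str, "clients": sorted list of client IPs}}.
    """
    report = defaultdict(lambda: {"reason": None, "clients": set()})
    for client_ip, helo in sessions:
        reason = check_helo(helo, has_mx_or_a)
        if reason:  # grace period: record a warning, never reject
            report[helo]["reason"] = reason
            report[helo]["clients"].add(client_ip)
    return {h: {"reason": r["reason"], "clients": sorted(r["clients"])}
            for h, r in report.items()}

# Constructed sample data (documentation address ranges, example domains).
KNOWN_HOSTS = {"mail.example.org", "mx1.example.net"}
SESSIONS = [
    ("192.0.2.10", "mail.example.org"),
    ("192.0.2.20", "localhost"),
    ("198.51.100.7", "mailhost.example.invalid"),
    ("198.51.100.8", "mailhost.example.invalid"),
    ("203.0.113.5", "[203.0.113.5]"),
]

def stub_resolver(name):
    """Assumed stand-in for a DNS lookup of MX or A records."""
    return name.rstrip(".").lower() in KNOWN_HOSTS
```

Grouping by HELO name rather than by message keeps the number of postmaster warnings proportional to the number of misconfigured servers, not to their mail volume.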