Re: SPF HELO checking

Hi !!

example.com.          IN TXT "v=spf1 ip4:192.168.1.1 -all"
mxsender.example.com. IN TXT "v=spf1 ip4:192.168.1.1 -all"

And configure your MTA at 192.168.1.1 to say "HELO mxsender.example.com"
instead of "HELO example.com". Mail not from 192.168.1.1 is forged anyway,
whether is says "HELO example.com" or not.

this does not prevent anyone to use HELO example.com


That is true. But if someone (a forger) uses "HELO example.com", then the
SPF result will be "Fail" (because the mail did not come from 192.168.1.1)
and the mail will be rejected.


and also any mail with a example.com envelope sender forwarded by
any forwarder that does not use srs (almost all) will be rejected

--
best regards ...

It's a fine line between fishing & standing still

----------------------------------------------------------------
   David Saez Padros                http://www.ols.es
   On-Line Services 2000 S.L.       e-mail  david(_at_)ols(_dot_)es
   Pintor Vayreda 1                 telf    +34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Re: SPF HELO checking, (continued) Re: SPF HELO checking, Frank Ellermann Re: Re: SPF HELO checking, Tony Finch Re: SPF HELO checking, Greg Connor Re: SPF HELO checking, william(at)elan.net Re: SPF HELO checking, David Re: SPF HELO checking, Commerco WebMaster Re: SPF HELO checking, Roger Moser Re: SPF HELO checking, Commerco WebMaster Re: SPF HELO checking, David Re: SPF HELO checking, Roger Moser Re: SPF HELO checking, David <= Re: SPF HELO checking, Roger Moser Re: SPF HELO checking, David Re: SPF HELO checking, Greg Connor Message not available Re: SPF HELO checking, Commerco WebMaster Re: SPF HELO checking, David Re: SPF HELO checking, Stuart D. Gathman Re: SPF HELO checking, David Re: SPF HELO checking, Mark Shewmaker Re: SPF HELO checking, Roger Moser Re: SPF HELO checking, Mark Shewmaker