Roger Moser wrote:
Please tell me a domain where the helo domain is the same as
the return-path domain and delivery status notifications are
not sent from the same IP addresses as normal mail. Only in
this case one might need a helo scope.
With mail anything is possible. Look at it from the POV of a
receiver seeing a forged HELO pobox.com - the sender policy of
pobox.com is not exactly trivial:
"v=spf1 mx mx:fallback-relay.%{d} a:webmail.%{d} a:smtp.%{d}
a:outgoing.smtp.%{d} a:discard-reports.%{d} a:discards.%{d}
mx:store.discard.%{d} a:emerald.%{d}
redirect=%{l1r+}._at_.%{o}._spf.%{d}"
BTW, I count _nine_ DNS-mechanisms before the final redirect to
postmaster._at_.pobox.com._spf.pobox.com = "v=spf1 -all" allows
to identify any HELO pobox.com as forged.
Maybe the limit of _10_ in schlitt-01 should be _12_ (counting
redirect= as one) ?
Bye, Frank