Re: SPF HELO checking

On Sat, 2004-12-11 at 02:31, David wrote:

We don't *need* to use SPF to authenticate HELO.  Having HELO be a FQN that
resolves to the IP of the MTA authenticates the MTA equally as well 
as an SPF record - as is recommended practice.


nowadays most mta's fail this condition


But how often do they fail (for the non-forgery cases), when the HELO
string has an SPF record?

Does anyone know?

If it's impractical to say:

 o  Check that the HELO string resolves to the incoming IP and reject
    if this is not true,

Would it be practical to say:

 o  Check that the HELO string resolves to the incoming IP.  Reject
    if this is not true *and* the HELO string has an SPF record.

That would be an ideal solution!

-- 
Mark Shewmaker
mark(_at_)primefactor(_dot_)com

<Prev in Thread]	Current Thread	[Next in Thread>
Re: SPF HELO checking, (continued) Re: SPF HELO checking, David Re: SPF HELO checking, Roger Moser Re: SPF HELO checking, David Re: SPF HELO checking, Roger Moser Re: SPF HELO checking, David Re: SPF HELO checking, Greg Connor Message not available Re: SPF HELO checking, Commerco WebMaster Re: SPF HELO checking, David Re: SPF HELO checking, Stuart D. Gathman Re: SPF HELO checking, David Re: SPF HELO checking, Mark Shewmaker <= Re: SPF HELO checking, Roger Moser Re: SPF HELO checking, Mark Shewmaker Re: SPF HELO checking, Roger Moser Re: SPF HELO checking, Mark Shewmaker Re: SPF HELO checking, David Re: SPF HELO checking, Roger Moser Re: SPF HELO checking, David When did SPF HELO checking start?, wayne Re: When did SPF HELO checking start?, David Re: SPF HELO checking, Lloyd Zusman

Previous by Date:	Re: marketshare, Thijs van den Berg
Next by Date:	Re: SPF HELO checking, Roger Moser
Previous by Thread:	Re: SPF HELO checking, David
Next by Thread:	Re: SPF HELO checking, Roger Moser
Indexes:	[Date] [Thread] [Top] [All Lists]