spf-discuss
[Top] [All Lists]

Re: SPF HELO checking

2004-12-11 06:54:00
Mark Shewmaker wrote:

If it's impractical to say:

 o  Check that the HELO string resolves to the incoming IP and reject
    if this is not true,

Would it be practical to say:

 o  Check that the HELO string resolves to the incoming IP.  Reject
    if this is not true *and* the HELO string has an SPF record.

Both would reject most mail from hotmail.com.

I suggest:

If the return-path is not empty, check the SPF record for the MAIL FROM
domain and do not check the HELO string.

Otherwise, if the HELO string is not a valid host name with at least one
dot, accept the mail.

Otherwise, if there is an SPF record, check the SPF record.

Otherwise, use the SPF record "v=spf1 a ~all" or "v=spf1 a -all".

Roger


<Prev in Thread] Current Thread [Next in Thread>