spf-discuss
[Top] [All Lists]

Re: Re: SPF HELO checking

2004-12-11 10:04:12
Hi !!

1. HELO checking is already a part of all SPF implementations we are aware of. It has been part of the spec for over a year. The discussion is not whether to add it, but how do we live with it.

yes, but it's mainly for the case of the null nevelope sender and it's
not possible right now to specify separated policies for mail from and
helo for the same domain.

> We can do them
> separately in the next version (Unified SPF).

i really do not belive in spf unified, to be realistic i will prefer
separeted protocols for each check (mailfrom, helo, from: and message
content)

If they publish using -all they are protected anyway.

but this breaks forwarding.

3. For the case where you really need a different policy for both, there is a workaround: specify a -all policy only when the username is "postmaster" and a ~all for all other usernames.

and what about policies for postmaster itself ?

all of this is just a patch, a workaround, a way to do something with
a tool that has not been designed to do that, not something well
designed SPS is designed to protect the mail from, trying to
desesperatelly use it for anything is not the way to go. If we need
a way to check the helo we are in the moment we can develop a simple
and functional protocol. We can also overload spf. My experience both
as a programmer and sysadmin tells me that is better to have small
well designed pieces than one big and complex piece that tries to
deal with everything.

Footnote: By the way, "soft fail" ~all is actually quite a bit newer than HELO checking :)

i supose you are kidding ...

If everyone could just publish -all then HELO checking would work as originally intended.

no, it will be only because you can publish -all, not because you can
publish different policies for helo and mailfrom.

--
Best regards ...

It's a fine line between fishing & standing still

----------------------------------------------------------------
   David Saez Padros                http://www.ols.es
   On-Line Services 2000 S.L.       e-mail  david(_at_)ols(_dot_)es
   Pintor Vayreda 1                 telf    +34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------



<Prev in Thread] Current Thread [Next in Thread>