spf-discuss

Opinions wanted: forgery notice DSN

2004-12-28 12:43:11
We got too many false positives with some customers from a policy of 
requiring at least one form of identification from email senders (non-dynamic
PTR, valid HELO, or SPF that doesn't FAIL), and have gone back to rejecting
on SPF FAIL only.  With other customers, the identification required policy
works well.

It really irks me to get email like this:

connect from [123.45.32.157] (no PTR)
helo from JUPITER
mail from user(_at_)jbbworldwide(_dot_)com (SPF: None SPF-Guess: FAIL)
REJECT: no PTR, HELO, or SPF

and have it turn out to be an important client.

Here is my new idea: if no identification is provided via SMTP, then
before entering the DATA phase, send a DSN to the MAIL FROM.  The DSN
will say something like this:

***************
WARNING!  Your domain may have been forged!  We received a message claiming
to be from (MAIL FROM) user(_at_)jbbworldwide(_dot_)com, but it came from IP
address 123.45.32.157, which is not identified, with a HELO of "JUPITER",
which is not a valid HELO name.  There is no SPF record for the
domain 'jbbworldwide.com', and no MX or A record for 'jbbworldwide.com'
matches the sending IP.

In case this message really is from 'jbbworldwide.com', and there is
simply a misconfigured mail server, we are delivering this message to the
recipient(s).  You should fix your mail server in this case.

If this was a forgery, you should protect your domain by publishing an
SPF record.  See http://spf.pobox.com
***************

The point is, whether it is a forgery, or a misconfigured server, they
need to fix it, and hopefully getting the nagging DSN every time might
help motivate them.

On the other hand, this might be seen as a form of extortion.  What do you
think?

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
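
The three policies discussed in the message above (reject on SPF FAIL only, require one form of identification, and the proposed deliver-and-notify DSN), as an added example that is not part of the original post. The field names, the policy labels, the treatment of SPF-Guess as a stand-in for a missing SPF record, and the sample addresses are assumptions made for illustration.

```python
from email.message import EmailMessage

# Constructed sample modelled on the log lines in the post (documentation IP/domain).
SAMPLE = {"ip": "192.0.2.157", "ptr": None, "ptr_dynamic": False,
          "helo": "JUPITER", "helo_valid": False,
          "mail_from": "user@sender.example", "spf": "none", "spf_guess": "fail"}

def identification(conn):
    """Return the forms of identification the SMTP client provided."""
    ids = []
    if conn["ptr"] and not conn["ptr_dynamic"]:
        ids.append("PTR")
    if conn["helo_valid"]:
        ids.append("HELO")
    # Assumption: with no SPF record, the best-guess result stands in for SPF,
    # as in the log line "SPF: None SPF-Guess: FAIL".
    spf = conn["spf_guess"] if conn["spf"] == "none" else conn["spf"]
    if spf != "fail":
        ids.append("SPF")
    return ids

def decide(conn, policy):
    """policy is 'fail-only', 'require-id' or 'notify' (the proposed DSN)."""
    if conn["spf"] == "fail":
        return "REJECT"  # the domain's own record disowns this IP
    if policy == "fail-only" or identification(conn):
        return "ACCEPT"
    return "REJECT" if policy == "require-id" else "ACCEPT+DSN"

def forgery_notice(conn, postmaster):
    """Build the notice for MAIL FROM; send it with a null envelope sender (<>)."""
    domain = conn["mail_from"].rsplit("@", 1)[1]
    msg = EmailMessage()
    msg["From"] = postmaster
    msg["To"] = conn["mail_from"]
    msg["Subject"] = f"WARNING: mail claiming to be from {domain} was not identified"
    msg["Auto-Submitted"] = "auto-replied"  # RFC 3834: discourages auto-replies
    msg.set_content(
        f"We received a message claiming to be from (MAIL FROM) {conn['mail_from']},\n"
        f"but it came from IP address {conn['ip']}, which is not identified,\n"
        f"with a HELO of '{conn['helo']}', which is not a valid HELO name.\n"
        f"No SPF record, MX or A record for '{domain}' matches the sending IP.\n\n"
        "The message was delivered in case this is a misconfigured mail server.\n"
        f"If it was a forgery, publish an SPF record for '{domain}'.\n")
    return msg

if __name__ == "__main__":
    for policy in ("fail-only", "require-id", "notify"):
        print(policy, "->", decide(SAMPLE, policy))
    print(forgery_notice(SAMPLE, "postmaster@receiver.example"))
```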

