spf-discuss

Re: Re: HELO versus MAILFROM results

2005-05-04 14:07:19
Frank Ellermann wrote:
> Rene Barbier wrote:
>
>> I fail to see why you couldn't force such a requirement on
>> domains that publish SPF.
>
> This debate is a hallucination, if somebody loves to say
> "HELO oemcomputer" then he's free to do so with or without
> SPF, of course it's a RfC 2821 syntax error "missing dot".
>
> So he says "HELO oem.computer" and all are happy, the
> stupid MTA, RfC 2821, SPF (saying NONE for this nonsense),
> and the MX lost one DNS query, so what?  It's the same
> situation with CSV.

Look at it from a time perspective. A query on a bad name may timeout,
and that is a delay of 2 seconds, maybe more on some sites.

And it's not at all the same situation with CSV.

Without HELO, CSV does not exist, while SPF can still use MAIL-FROM, the
way it was intended initially.

But let's see another angle:

A forwarder such as mail.com uses its mail servers specifically to
relay ("forge", some might say) without changing the MAIL-FROM. So when
you send a message to happydog.com, which is a forwarded domain that uses
mail.com MX servers, it goes out through some other outgoing server that
belongs to mail.com.

However, no happydog.com (as its MAIL-FROM) mail originates from those
servers. So in this case, what do you think is more likely that
happydog.com will publish? "v=spf1 -all", no? Or is it "v=spf1 +all" ?

And what should the outgoing SMTP servers publish? (i.e.,
mailout544.mail.com) Technically, these outgoing servers do not receive
messages, so can never generate bounces. So would the policy for
mailout544.mail.com not be "v=spf1 -all" ?

There's more... we've seen that there are many creative ways to produce
syntactically incorrect SPF records. So it's not absurd that some of the
HELO records will be incorrect as well.

Have you considered how much harder it would be to find and fix the
problem if it's caused by a syntax error in the HELO record? Take a
syntax error at mailout544.mail.com, for instance. mail.com is doing a
public service by allowing people to use happydog.com and the other
hundreds of domains, so do you think they dedicate a lot of technical
support to fix half-ass SPF records?

And you know who suffers? The guy who owns the alias@happydog.com,
because it's the mailbox domain that does not accept the broken SPF
record at happydog.com. Meanwhile, all his friends who send him mail to
happydog.com cannot get through to his mailbox, and there's nothing he
can do about it.

This HELO checking is giving me a headache, but I don't think it's a
hallucination as you say. :)

Radu.
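
The two checks this thread argues about, as an added example that is not part of the original post: a receiver evaluating the HELO identity and the MAIL FROM identity separately against the connecting IP. The TXT records, the `friend.example` and `mailout545.mail.com` names and all IP addresses are constructed, only the `ip4` and `all` terms are implemented, and result names follow RFC 7208.

```python
import ipaddress

# Constructed TXT records for illustration; not real published policies.
DNS = {
    "mailout544.mail.com": "v=spf1 -all",                     # policy floated in the post
    "mailout545.mail.com": "v=spf1 ipv4:198.51.100.45 -all",  # typo: "ipv4" is not a mechanism
    "friend.example": "v=spf1 ip4:192.0.2.0/24 -all",         # original sender's domain
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse(record):
    """Parse the whole record first, so a bad term anywhere yields permerror."""
    parsed = []
    for term in record.split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech.lower() == "all":
            parsed.append((qualifier, None))
        elif mech.lower().startswith("ip4:"):
            parsed.append((qualifier, ipaddress.IPv4Network(mech[4:], strict=False)))
        else:
            # Only ip4 and all are implemented in this sketch; a full evaluator
            # also accepts a, mx, include and the other defined terms.
            raise ValueError(term)
    return parsed

def check_host(domain, client_ip, dns=DNS):
    """Evaluate one identity's domain against the connecting IP."""
    terms = dns.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF record for this name (e.g. a dotless HELO)
    try:
        parsed = parse(dns[domain])
    except ValueError:
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for qualifier, net in parsed:
        if net is None or ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"

def evaluate(helo, mail_from, client_ip):
    """Return the HELO and MAIL FROM results separately."""
    return {"helo": check_host(helo, client_ip),
            "mailfrom": check_host(mail_from.rpartition("@")[2], client_ip)}
```

Calling `evaluate("mailout544.mail.com", "someone@friend.example", "198.51.100.44")` models the forwarded message: the MAIL FROM domain is unchanged and the connecting host is the forwarder's outgoing server.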
