spf-discuss

Re: Re: HELO versus MAILFROM results

2005-05-05 22:03:20
Alex van den Bogaerdt wrote:
On Fri, May 06, 2005 at 04:24:44AM +0200, Frank Ellermann wrote:


Most of it.  The context here was your reply to my example
HELO oem.computer.  If you consider something else as "the
context" I've no clue what that might be.


Again: I am commenting on the following fud:


This debate is a hallucination, if somebody loves to say
"HELO oemcomputer" then he's free to do so with or without
SPF, of course it's a RfC 2821 syntax error "missing dot".


RFC 2821 clearly states that FQDN shall be used, not random
series of characters that "somebody loves to say".  RFC2821
does not define "missing dot".  See my other reply as well as
previous post (most likely in reply to yours).

If you are going to discuss SPF, please don't spread fud on RFC2821.

I am partially guilty for the beginning of this "fud", as I said once
that anything goes in the HELO name. I'm sorry. A lot of stuff goes, but
not quite everything. I should have been more clear.

However, I still think there is no point checking the HELO.

All a spammer has to do is find a host name, *any host name* without a
TXT record, and use that in the HELO.

This SPF check is so easy to bypass, it's not funny.

The fact that the name in the HELO is inconsequential for the rest of
the SMTP conversation means you can't tie the helo to anything else in
that email communication... so what's the point assuming it has any meaning?

Here's a short list of good candidates.

my-hostname-is-longer-than-yours.mit.edu
didnt.doit.wisc.edu
com.com.com
sci.fi
pearly-gates.vatican.com
diplomatic.passport.ca


Remember that *any* domain publishing a wildcard is a good candidate for
an endless supply of randomly generated HELO names that mean nothing,
but could be inserted into SpamAlot v12.9.

I just hope it's not my wildcard that gets used, because it will cost
dearly. But will it be yours? Would we even have this problem if it
weren't for the smart idea to check the HELO with SPF?

But if you were a smart spammer, you'd pick a HELO name from
http://homepage.seas.upenn.edu/~mengwong/coolhosts.html

... and ridicule the whole SPF thing from the word HELO!

It would be a beautiful HELO from one Internet old-timer to another.

Yes, that URL is the very same referenced by RFC2100. Don't let the
publishing day fool you, it is a real RFC. :)

The only check that might be remotely valid is to check the A record to
ensure it matches the IP address. But that's not SPF, and it can also be
easily faked with the [1.1.1.1] notation. Rejecting those is also not
SPF stuff.

So what does SPF have to do with HELO?

Actually, before it is proposed that HELO should be done, it should be
experimented with, to see how much junk it keeps away. Then, if the
results of these experiments were favourable, we could discuss including
it in a spec.

This is why I say that SPF is still at the early stages of experiment.
There are more things we haven't learnt yet than things we have.

Regards,
Radu
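
The receiver-side checks this message argues about, as an added example that is not part of the original post: classify the HELO argument by syntax, evaluate a published SPF record for it, and compare its A record with the connecting IP. DNS is replaced by a constructed table of documentation names and addresses, the function names are assumptions, and only the `ip4` and `all` mechanisms are handled.

```python
import ipaddress
import re

# Constructed zone data standing in for DNS (documentation names and addresses only).
TXT = {"mail.example.org": "v=spf1 ip4:192.0.2.10 -all"}
A = {"mail.example.org": "192.0.2.10", "unpublished.example.net": "198.51.100.7"}

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
FQDN = re.compile(rf"^{LABEL}(?:\.{LABEL})+$")


def helo_kind(arg):
    """Classify the HELO argument by syntax alone."""
    if arg.startswith("[") and arg.endswith("]"):
        return "address-literal"
    return "fqdn" if FQDN.match(arg) else "not-fqdn"


def spf_helo(arg, client_ip):
    """Minimal SPF evaluation of the HELO name: ip4 and all mechanisms only."""
    record = TXT.get(arg.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no policy published: nothing to enforce
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            matched = mech == "all"
        if matched:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"


def check_helo(arg, client_ip):
    """Return (syntax class, SPF result, whether the A record matches the client)."""
    kind = helo_kind(arg)
    if kind != "fqdn":
        return kind, "none", False  # SPF has no domain to evaluate here
    return kind, spf_helo(arg, client_ip), A.get(arg.lower()) == client_ip
```

A HELO name with no TXT record comes back as `none`, so the SPF check alone gives the receiver nothing to act on; only a name that publishes a policy can produce `pass` or `fail`.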