On Fri, 6 May 2005, Radu Hociung wrote:
But the key question is ... what have you achieved by checking SPF that
could not be achieved by checking MAIL FROM alone?
The important use of checking HELO SPF is when MAIL FROM is <>. This
ties the source of bounces to a domain name. Any other use is somewhat
redundant, as you point out.
In my MTAs, I save the HELO name, but don't check it until MAIL FROM. Then, if
there is no SPF for mail from, I check HELO SPF. If there is no SPF record for
the HELO name (which there often is because it is unrelated to MAIL FROM), I
use 'v=spf1 a mx'. If that fails to get a PASS, I check for a valid PTR
record. If that fails, I reject the message.
At some point, I would like to stop accepting just any PTR, and change
the default (guessed) HELO SPF record to 'v=spf1 a mx ptr'. But I have
to accomodate some very email ignorant correspondants.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.