spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Re: HELO versus MAILFROM results

2005-05-06 15:02:56
from [Mark] [Permanent Link] 


-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Mark 
Shewmaker
Sent: vrijdag 6 mei 2005 20:14
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Re: HELO versus MAILFROM results



On Fri, May 06, 2005 at 04:30:20PM +0000, Mark wrote:
On vrijdag 6 mei 2005 7:04, Radu Hociung wrote:



The only check that might be remotely valid is to check the A
record to ensure it matches the IP address.


Which would not be 'remotely valid', but 100% safe (barring
DNS hacks, of course).


Could we have an optional "match" key for the Received-SPF line that
could be used when the result is "None" and set to "yes" or "no"?


Section 7.2, The Received-SPF header, says:

Other key-value pairs may be defined by SPF clients. Until a new key name
becomes widely accepted, new key names should start with "x-".

I take it wayne had something in mind like RFC 1869 4.3 compliant SMTP
Service Extensions (for local use). But, I wonder, if new key names should
start with "x-", then how are these 'new' names ever going to be widely
accepted in their form without "x-"? At any rate, I interpret 7.2 to mean
that you could probably already do so.


Then if a domain doesn't have an spf record, but the client IP matches
an A or AAAA record of the domain, the Received-SPF line could contain
a "match=yes", (or "match=no" if the IP doesn't match.)


Match what? HELO, of course; but the meaning of a key word that just says
'match' may, out of context, not be so self-evident as in this thread. :)
Perhaps 'helomatch' or something.

Personally, if I wanted to implement this, I'd probably add the IP address
of the A record behind the HELO value; like so:

Received-SPF: pass (asarian-host.net: domain of
    listbox+trampoline+735+865569+ee70a142(_at_)v2(_dot_)listbox(_dot_)com 
designates
    207.8.214.5 as permitted sender)
    receiver=asarian-host.net;
    client-ip=207.8.214.5;
    
envelope-from=<listbox+trampoline+735+865569+ee70a142(_at_)v2(_dot_)listbox(_dot_)com>;
    helo=apex.listbox.com ([207.8.214.5]);

But you can certainly already add:

    x-helo-match=yes


(It would be nice if "match" could instead be an allowed result, but
it's probably too late for that now.  :-) )


Nor would it really be an SPF-lookup result. :)

Cheers,

- Mark 
 
        System Administrator Asarian-host.org
 
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: New DNS Record Types, David MacQuigg
Next by Date:  Re: Wildcards - Downgrade HOLD to SELL, David MacQuigg
Previous by Thread:  Re: Re: HELO versus MAILFROM results, Mark Shewmaker
Next by Thread:  The point of HELO (and MAIL FROM) checking, Julian Mehnle
Indexes:  [Date] [Thread] [Top] [All Lists]