spf-discuss

Re: non-SPF domains with MX SPF domains

2005-07-03 06:52:07
On Sun, 3 Jul 2005, Hector Santos wrote:

Here are the specifics:

In the IETF-SMTP forum, one of the guys I have been exchanging mail with has
an email address with the domain amidatrust.com.  This domain doesn't have
an SPF record.

An MX lookup shows:

    MX preference = 5,
    mail exchanger = ismtp.easyspace.everyone.net

The domain everyone.net has an SPF record:

    v=spf1 include:sitespf.everyone.net ?all

and for sitespf.everyone.net

    v=spf1 ip4:216.200.145.0/26 ip4:208.184.100.0/26
                ptr:outmx.everyone.net  ?all

So what I wanted to see if the sender IP address matched the SPF record for
the main domain of the MX record.

The amidatrust.com domain *still* doesn't have an SPF record.

Now, you seem to want to guess an SPF record in the interest of 
moving legitimate mail along.  And in fact, I do the same thing.
When there is no SPF record, I "guess" the record:

"v=spf1 a mx ptr"

However, the mail domain *still* doesn't have an SPF
record.  Amidatrust.com still doesn't have an SPF record.
When I log a match for a guessed record, it says "guessed"
to distinguish it from a match on a real SPF record.

One of the sessions had

     IP 212.23.3.140
     HELO  pythagoras.zen.co.uk
     MAIL FROM: <his-address @ amidatrust.com>

The HELO matched this IP address and this HELO domain did not

So what I was wondering A) what does this mean?

It means that the sending MTA (pythagoras.zen.co.uk) has an RFC compliant HELO
name: it is a FQN (at least one dot) and resolves to the sending IP.  This
shows an unusual degree of competence, since most mail admins put
some nonsense like 'JUPITER' in there.  My mail policy would accept
the mail if not otherwise blacklisted, because the validated HELO
name provides something to blacklist/whitelist if needed.  There may be no
SPF record to validate the MAIL FROM, but a validated HELO is
sufficient for domain based blacklisting.  (And simply requiring
RFC compliant HELO goes a long way toward the goals of SPF.)

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
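
The policy described in the reply above (guess "v=spf1 a mx ptr" when the MAIL FROM domain publishes no SPF record, label the result "guessed", and separately validate the HELO name against the connecting IP), sketched as an added example that is not code from the post or from its author. The DNS table is constructed: only the HELO host and its IP come from the post, the MX address is a documentation-range value, and all function names are hypothetical.

```python
import ipaddress

# Constructed DNS data standing in for live lookups (assumption: only the
# HELO host/IP pair is from the post; 192.0.2.10 is a documentation address).
DNS = {
    ("pythagoras.zen.co.uk", "A"): ["212.23.3.140"],
    ("140.3.23.212.in-addr.arpa", "PTR"): ["pythagoras.zen.co.uk"],
    ("amidatrust.com", "MX"): ["ismtp.easyspace.everyone.net"],
    ("ismtp.easyspace.everyone.net", "A"): ["192.0.2.10"],
}

def lookup(name, rtype):
    return DNS.get((name.lower().rstrip("."), rtype), [])

def helo_validated(helo, ip):
    """HELO is a dotted host name (not an IP literal) resolving to the client IP."""
    if "." not in helo or helo.startswith("["):
        return False
    try:
        ipaddress.ip_address(helo)
        return False  # bare IP address, not a name
    except ValueError:
        pass
    return ip in lookup(helo, "A")

def guessed_match(domain, ip):
    """Evaluate the guessed record "v=spf1 a mx ptr"; return the matching mechanism."""
    if ip in lookup(domain, "A"):
        return "a"
    if any(ip in lookup(mx, "A") for mx in lookup(domain, "MX")):
        return "mx"
    for name in lookup(ipaddress.ip_address(ip).reverse_pointer, "PTR"):
        in_domain = name == domain or name.endswith("." + domain)
        if in_domain and ip in lookup(name, "A"):  # forward-confirmed PTR
            return "ptr"
    return None

def evaluate(ip, helo, mail_from):
    domain = mail_from.rsplit("@", 1)[-1].lower()
    if any(t.startswith("v=spf1") for t in lookup(domain, "TXT")):
        spf = "published record (evaluate it instead of guessing)"
    else:
        mech = guessed_match(domain, ip)
        # The guessed record has no "all", so a miss is neutral, not fail.
        spf = f"pass via {mech} (guessed)" if mech else "neutral (guessed)"
    helo_ok = helo_validated(helo, ip)
    return {"spf": spf, "helo_validated": helo_ok,
            "reputation_key": helo.lower() if helo_ok else None}
```

For the session quoted in the post, the guessed record does not match, but the validated HELO name is still available as the key for domain-based blacklisting or whitelisting.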