spf-discuss

Re: [spf-discuss] Question on a unified policy record approach

2005-09-01 10:40:45
On Thu, 1 Sep 2005, Stuart D. Gathman wrote:

System        Identity                                        Method Type
CSA (CSV)     HELO                                            Connect IP
SPF           MFROM,HELO                                      Connect IP
SID           PRA (Patented synthetic rfc2822 identity)       Connect IP
DKIM          Most RFC2822 headers                            Crypto (PK)
SES           MFROM, Most RFC2822 headers                     Crypto (MD5)

I should add:

  RFC2821       HELO                                            Connect IP

Since simply conforming to RFC HELO requirements (FQDN that resolves to
connect IP) is a reasonable authentication.  In fact, it is really all
that is needed - just track reputation of HELO names and reject the
invalid ones.  Unfortunately, too many MTAs have bogus HELO names, making
rejecting on invalid HELO impractical.  Hence the need for additional
mechanisms.  Basically, CSV/CSA and SPF are a way for a domain to
say, "Hey, I'm *not* yet another completely clueless mail admin - it's
ok to reject bogus HELO for my domain (and bogus MFROM in the case of SPF)."

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
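
An added example, not part of the original message: the "FQDN that resolves to connect IP" HELO check described above, sketched in Python. The function names, result labels and the SAMPLE_DNS table are assumptions made for illustration; the table is constructed data standing in for real A/AAAA lookups.

```python
import ipaddress
import re

# Constructed sample DNS data (documentation address ranges), used instead
# of live A/AAAA lookups so the example runs offline.
SAMPLE_DNS = {
    "mail.example.com": ["192.0.2.25", "2001:db8::25"],
    "mx.example.net": ["198.51.100.7"],
}

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_fqdn(name):
    """Syntactic check: two or more valid DNS labels, last one not numeric."""
    name = name.rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return False
    # An all-numeric last label means a bare IP address was sent as the name.
    return all(_LABEL.match(l) for l in labels) and not labels[-1].isdigit()


def sample_resolve(name):
    """Hypothetical resolver: look the name up in the constructed table."""
    return SAMPLE_DNS.get(name.lower().rstrip("."), [])


def check_helo(helo, connect_ip, resolve=sample_resolve):
    """Classify a HELO argument against the connecting IP.

    Returns 'pass', 'literal', 'not-fqdn', 'no-address' or 'mismatch'.
    Only 'pass' yields a name that reputation can be tracked against.
    """
    peer = ipaddress.ip_address(connect_ip)
    if helo.startswith("[") and helo.endswith("]"):
        return "literal"      # address literal: names no domain at all
    if not is_fqdn(helo):
        return "not-fqdn"     # e.g. 'localhost' or a bare IP address
    addrs = resolve(helo)
    if not addrs:
        return "no-address"   # the name does not resolve
    # Compare parsed addresses so equivalent IPv6 spellings still match.
    if any(ipaddress.ip_address(a) == peer for a in addrs):
        return "pass"
    return "mismatch"         # resolves, but not to the connecting IP
```
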

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
